Home > Vulnerability Database > CVE-2024-8183

Mend.io Vulnerability Database

CVE-2024-8183

Good to know:

Date: March 20, 2025

A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect version 2.20.2 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, service disruption, and data integrity risks.

Severity Score

7.6

Related Resources (8)

Url: https://github.com/prefecthq/prefect/commit/a69266e077169b8a32ad76b1dd3ea63b96d011c2

Url: https://github.com/PrefectHQ/prefect

Url: https://huntr.com/bounties/b801de43-ff9f-4db9-b583-4797d4f7d3d2

Url: https://github.com/PrefectHQ/prefect/commit/8f159b404126d93964a4daace7619bc553fa318c

Url: https://github.com/PrefectHQ/prefect/issues/15074

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8183

Url: https://github.com/PrefectHQ/prefect/releases/tag/2.20.17

Url: https://www.mend.io/vulnerability-database/CVE-2024-8183

Severity Score

7.6

Weakness Type (CWE)

Origin Validation Error

CWE-346

Top Fix

Upgrade Version

Upgrade to version prefect - 3.0.3;prefect - 3.0.3;prefect - 2.20.17;prefect - 3.0.3;https://github.com/prefecthq/prefect.git - 3.0.3

Learn More

CVSS v3.1

Base Score:	7.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8183

Good to know:

Date: March 20, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?