CVE-2024-1682

Published: Nov 14, 2024

Modified: Nov 18, 2024

PUBLISHED

CVSS v3.0

4.3

MEDIUM

Description

An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of trustworthiness, and potential further attacks if the bucket is used to host malicious content or as a pivot point for further attacks.

Vendor	Product	Versions
psf	psf/requests	affected `unspecified - < N/A`

Weaknesses (CWE)

CWE-840

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

https://huntr.com/bounties/4da5ded5-b59b-4ece-8812-46a4329e446c

https://github.com/psf/requests/commit/6106a63eb6c0fa490efa73d44388ac25b1b08af4

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-1682

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References