QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-5936

Back to search

CVE-2024-5936

Published: Jun 27, 2024

Modified: Aug 1, 2024

PUBLISHED

CVSS v3.0

4.3

MEDIUM

Description

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerability includes potential phishing attacks, malware distribution, and credential theft.

VendorProductVersions

imartinez

imartinez/privategpt

affected
unspecified - <= latest

Weaknesses (CWE)

CWE-601

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now