Groupme
CVE-2024-38183
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (microsoft) · only source for this CVE.
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network.
AnalysisAI
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.
Technical ContextAI
This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network. Affected products include: Microsoft Groupme.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a ne
An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate pri
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today