Skip to main content

Lightdash CVE-2024-6586

HIGH
Insertion of Sensitive Information Into Sent Data (CWE-201)
2024-08-30 mandiant-cve@google.com
7.3
CVSS 3.1 · Vendor: google
Share

Severity by source

Vendor (google) PRIMARY
7.3 HIGH
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Primary rating from Vendor (google) · only source for this CVE.

CVSS VectorVendor: google

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 30, 2024 - 23:15 cve.org
HIGH 7.3

DescriptionCVE.org

Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A dashboard that contains HTML elements which point to a threat actor controlled source can trigger an SSRF request when exported, via a POST request to /api/v1/dashboards//export. The forged request contains the value of the exporting user’s session token. A threat actor could obtain the session token of any user who exports the dashboard. The obtained session token can be used to perform actions as the victim on the application, resulting in session takeover.

AnalysisAI

Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-201. Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A dashboard that contains HTML elements which point to a threat actor controlled source can trigger an SSRF request when exported, via a POST request to /api/v1/dashboards//export. The forged request contains the value of the exporting user’s session token. A threat actor could obtain the session token of any user who exports the dashboard. The obtained session token can be used to perform actions as the victim on the application, resulting in session takeover. Version information: version 0.1024.6.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2024-6586 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy