CVE-2024-1240
Published: 15 November 2024
Summary
CVE-2024-1240 is a medium-severity Open Redirect (CWE-601) vulnerability in Pyload (pyload/pyload). Its CVSS base score is 6.1 (Medium).
Operationally, it ranks at the 46.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-0155
Vulnerability details
An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.
- CWE(s)
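The class of check that closes a CWE-601 redirect through a login 'next' parameter, as described under Vulnerability details, is sketched below. This is an added example, not pyLoad's code or its actual patch; the function name `safe_next`, the fallback path and the sample inputs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_TARGET = "/"  # assumed post-login landing page (hypothetical)


def safe_next(target, default=DEFAULT_TARGET):
    """Return `target` only if it is a same-site absolute path, else `default`."""
    if not isinstance(target, str) or not target:
        return default
    # Browsers treat backslashes like slashes and strip tabs/newlines, while
    # server-side parsers may not, so refuse them instead of normalising.
    if any(ch == "\\" or ord(ch) < 0x21 or ord(ch) == 0x7F for ch in target):
        return default
    # Accept only paths rooted at "/"; "//host" is a scheme-relative URL.
    if not target.startswith("/") or target.startswith("//"):
        return default
    parts = urlsplit(target)
    # Defence in depth: nothing that parses with a scheme or host is local.
    if parts.scheme or parts.netloc:
        return default
    return target


# Constructed sample values for the 'next' parameter, not taken from the advisory.
SAMPLES = [
    "/dashboard",
    "/packages?page=2",
    "https://other.example/login",
    "//other.example/login",
    "/\\other.example/login",
    "/\t/other.example/login",
    "",
]


def classify(samples=SAMPLES):
    """Map each sample to the redirect target the login handler would use."""
    return {s: safe_next(s) for s in samples}


if __name__ == "__main__":
    for raw, chosen in classify().items():
        print(f"{raw!r:35} -> {chosen!r}")
```

Rejected values fall back to the default page rather than raising an error, so a tampered login link still completes the login but stays on the site.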
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.