CVE-2024-34074
Published: 14 May 2024
Summary
CVE-2024-34074 is a medium-severity Open Redirect (CWE-601) vulnerability in Frappe Frappe. Its CVSS base score is 6.1 (Medium).
Operationally, ranked in the top 49.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-34614
Vulnerability details
Frappe is a full-stack web application framework. Prior to 15.26.0 and 14.74.0, the login page accepts redirect argument and it allowed redirect to untrusted external URls. This behaviour can be used by malicious actors for phishing. This vulnerability is fixed…
more
in 15.26.0 and 14.74.0.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.