CVE-2024-38522
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Summary
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the tips.hushline.app website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| scidsg | hushline | < 0.1.0 | affected |
Weaknesses
- CWE-183: CWE-183: Permissive List of Allowed Inputs
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://github.com/scidsg/hushline/security/advisories/GHSA-r85c-95x7-4h7q
- https://github.com/scidsg/hushline/commit/2bbeae78a24ca2cd893f32a1812f5f6634cb21b6
References
- https://github.com/scidsg/hushline/security/advisories/GHSA-r85c-95x7-4h7q
- https://github.com/scidsg/hushline/commit/2bbeae78a24ca2cd893f32a1812f5f6634cb21b6
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.