CVE-2024-28216 | THREATINT

Description

nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

PUBLISHED Reserved 2024-03-07 | Published 2024-03-07 | Updated 2024-09-06 | Assigner naver

Problem types

CWE-862 Missing Authorization

Product status

Default status

affected

3.5.9

unaffected

Credits

Peter Stöckli of GitHub Security Lab

References

cve.naver.com/detail/cve-2024-28216.html (NAVER Security Advisory)

cve.org (CVE-2024-28216)

nvd.nist.gov (CVE-2024-28216)

Download JSON