MindsDB Platform Struck by Cross-Site Scripting (XSS) Flaw
CVE-2024-45856

5.4MEDIUM

Key Information:

Vendor: Mindsdb
Status: Mindsdb
Vendor: CVE Published:; 12 September 2024

What is CVE-2024-45856?

A severe cross-site scripting vulnerability can be exploited in the MindsDB platform, affecting all versions. This vulnerability allows attackers to execute arbitrary JavaScript payloads when users interact with the web UI for enumeration of ML Engines, databases, projects, or datasets. If malicious code is injected into these components, it can lead to unauthorized access or manipulation of data, as the web application does not adequately sanitize input. It is crucial for users of MindsDB to implement immediate security measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

mindsdb *

References

https://hiddenlayer.com/sai-security-advisory/2024-09-min...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2024
Vulnerability Reserved
Sep 10, 2024

Mindsdb

What is CVE-2024-45856?

Affected Version(s)

References

CVSS V3.1

Timeline