MindsDB Platform Struck by Cross-Site Scripting (XSS) Flaw
CVE-2024-45856

5.4MEDIUM

Key Information:

Vendor: Mindsdb
Status: Mindsdb
Vendor: CVE Published:; 12 September 2024

What is CVE-2024-45856?

A severe cross-site scripting vulnerability can be exploited in the MindsDB platform, affecting all versions. This vulnerability allows attackers to execute arbitrary JavaScript payloads when users interact with the web UI for enumeration of ML Engines, databases, projects, or datasets. If malicious code is injected into these components, it can lead to unauthorized access or manipulation of data, as the web application does not adequately sanitize input. It is crucial for users of MindsDB to implement immediate security measures to mitigate the risk associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

mindsdb *

References

https://hiddenlayer.com/sai-security-advisory/2024-09-min...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 12, 2024
Vulnerability Reserved
Sep 10, 2024

JSON

Mindsdb