CVE-2024-49379

Currently unrated 🤨

Key Information

Vendor
CVE Published:
13 November 2024

Badges

👾 Exploit Exists
🔴 Public PoC

Summary

Umbrel is a home server OS for self-hosting. The login functionality of Umbrel before version 1.2.2 contains a reflected cross-site scripting (XSS) vulnerability in use-auth.tsx. An attacker can specify a malicious redirect query parameter to trigger the vulnerability. If a JavaScript URL is passed to the redirect parameter, the attacker-provided JavaScript is executed after the user enters their password and clicks on login. This vulnerability is fixed in 1.2.2.
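The class of check that closes this kind of redirect-parameter XSS, as an added example (not Umbrel's code and not the 1.2.2 patch): the redirect value is parsed the way a browser would parse it, and only a same-origin http(s) target is accepted. The function name `safeRedirectTarget`, the origin `http://umbrel.local` and the sample values are assumptions made for illustration.

```javascript
// Added example: hypothetical helper, not taken from Umbrel's use-auth.tsx.
// Resolves the "redirect" query value like a browser would and returns a
// same-origin relative path, or a fixed fallback for anything else.
function safeRedirectTarget(rawRedirect, appOrigin, fallback = '/') {
  if (typeof rawRedirect !== 'string' || rawRedirect === '') return fallback;

  let target;
  try {
    // The WHATWG URL parser strips tabs/newlines and leading spaces, and
    // treats "\" as "/" for http(s), so obfuscated forms are normalized
    // before the checks below run.
    target = new URL(rawRedirect, appOrigin);
  } catch {
    return fallback; // unparseable input never reaches navigation
  }

  // Reject javascript:, data:, and every other non-http(s) scheme.
  if (target.protocol !== 'http:' && target.protocol !== 'https:') return fallback;

  // Reject absolute and protocol-relative URLs pointing at another host.
  if (target.origin !== new URL(appOrigin).origin) return fallback;

  // Hand back only the path part, so the caller navigates within the app.
  return target.pathname + target.search + target.hash;
}

// Constructed sample inputs (not from any real request log).
const APP_ORIGIN = 'http://umbrel.local'; // assumed origin for the demo
const SAMPLES = [
  '/files?view=list#top',          // normal post-login destination
  'http://umbrel.local/settings',  // absolute but same-origin
  'javascript:void(0)',            // JavaScript URL, as in the advisory
  'Java\tScript:void(0)',          // same scheme, case/tab obfuscated
  '//other.example/login',         // protocol-relative, cross-origin
  '\\\\other.example/login',       // backslash variant of the above
  'data:text/html,x',              // other non-http scheme
];

function checkSamples() {
  return SAMPLES.map((s) => [s, safeRedirectTarget(s, APP_ORIGIN)]);
}

for (const [input, result] of checkSamples()) {
  console.log(JSON.stringify(input), '->', result);
}
```

The validated path, not the raw query value, is what the login handler should pass to its navigation call.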

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Timeline

  • 👾 Exploit exists.

  • Vulnerability published.

Collectors

NVD Database
1 Proof of Concept(s)