Cross-Site Request Forgery Vulnerability in Netease Youdao API
CVE-2024-8026
8.1HIGH
What is CVE-2024-8026?
A Cross-Site Request Forgery (CSRF) vulnerability exists in the backend API of Netease Youdao's Qanything repository, stemming from overly permissive CORS headers. This configuration enables unauthorized cross-origin requests to all backend endpoints, facilitating malicious activities such as file creation, uploading, listing, deletion, and management of knowledge bases. It poses significant risks to user data integrity and application security.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
netease-youdao/qanything <= unspecified
References
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
CVSS V3.0
Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved