← volver
CVE-2024-55888

Content Security Policy appears to be missing in software and production setup

CVSS 7.1 HIGHEPSS 0.3%CWE-1021
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.1EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
12 dic 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the productions server appeared to have been misconfigured and missed providing any content security policy or security headers. This could result in bypassing of cross-site scripting filters. Version 0.3.5 fixed the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Productos afectados
scidsg · hushline

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/scidsg/hushline/security/advisories/GHSA-m592-g8qv-hrqx