CVE-2024-28215

Published: Mar 7, 2024Modified: May 7, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

Affected (1)

Products: Naver: Ngrinder

Naver

1 product

Ngrinder

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Naver Ngrinder	Before 3.5.9

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://cve.naver.com/detail/cve-2024-28215.html

Source: cve@navercorp.com

Vendor Advisory

https://cve.naver.com/detail/cve-2024-28215.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.