cvelistv5 - cve-2024-23597

CVE-2024-23597 (GCVE-0-2024-23597)

Vulnerability from cvelistv5

Published

2024-05-01 13:00

Modified

2024-08-01 23:06

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE

Cross-site request forgery (CSRF)

Summary

Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8a. If a logged-in user of TVRock accesses a specially crafted page, unintended operations may be performed. Note that the developer was unreachable, therefore, users should consider stop using TvRock 0.9t8a.

References

URL

Tags

https://jvn.jp/en/jp/JVN24683352/

Impacted products

	Vendor	Product	Version
	TvRock	TvRock	Version: 0.9t8a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:tvrock:tvrock:0.9t8a:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tvrock",
            "vendor": "tvrock",
            "versions": [
              {
                "status": "affected",
                "version": "0.9t8a"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-01T15:09:11.837751Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-352",
                "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:45:39.580Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:06:25.320Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN24683352/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TvRock",
          "vendor": "TvRock",
          "versions": [
            {
              "status": "affected",
              "version": "0.9t8a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8a. If a logged-in user of TVRock accesses a specially crafted page, unintended operations may be performed. Note that the developer was unreachable, therefore, users should consider stop using TvRock 0.9t8a."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site request forgery (CSRF)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-01T13:00:05.062Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://jvn.jp/en/jp/JVN24683352/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-23597",
    "datePublished": "2024-05-01T13:00:05.062Z",
    "dateReserved": "2024-03-05T04:05:59.268Z",
    "dateUpdated": "2024-08-01T23:06:25.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://jvn.jp/en/jp/JVN24683352/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T23:06:25.320Z\"}}, {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-23597\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-01T15:09:11.837751Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:tvrock:tvrock:0.9t8a:*:*:*:*:*:*:*\"], \"vendor\": \"tvrock\", \"product\": \"tvrock\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.9t8a\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-352\", \"description\": \"CWE-352 Cross-Site Request Forgery (CSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-01T15:12:40.153Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"affected\": [{\"vendor\": \"TvRock\", \"product\": \"TvRock\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.9t8a\"}]}], \"references\": [{\"url\": \"https://jvn.jp/en/jp/JVN24683352/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8a. If a logged-in user of TVRock accesses a specially crafted page, unintended operations may be performed. Note that the developer was unreachable, therefore, users should consider stop using TvRock 0.9t8a.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Cross-site request forgery (CSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2024-05-01T13:00:05.062Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-23597\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T23:06:25.320Z\", \"dateReserved\": \"2024-03-05T04:05:59.268Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2024-05-01T13:00:05.062Z\", \"assignerShortName\": \"jpcert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

cve-2024-23597

Vulnerability from jvndb

Published

2024-04-23 18:22

Modified

2024-04-23 18:22

Severity ?

4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

TvRock vulnerable to cross-site request forgery

Details

TvRock <http://1st.geocities.jp/tvrock_web/> provided by TvRock (according to the original report submitted by the reporter) is a tool to set a timer recording for a TV program. TvRock contains a cross-site request forgery vulnerability (CWE-352). During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on December 20, 2023, it was judged that an advisory for this vulnerability shall be disclosed since all the criteria and conditions described below which are stated in Standards for Handling Vulnerability related Information of Software Products and Other and Information Security Early Warning Partnership Guideline have been satisfied. 1. The developer of the product is unreachable 2. Existence of vulnerability has been verified 3. Not disclosing this case may result in the risk that product users will have no means to know of the existence of the vulnerability in the product 4. There are no particular reasons that would make disclosure inappropriate

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN24683352/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-23597
	Cross-Site Request Forgery(CWE-352)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

TvRock

Show details on JVN DB website