Vulnerabilities > CVE-2024-24759 - Server-Side Request Forgery (SSRF) vulnerability in Mindsdb

047910
CVSS 9.1 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
mindsdb
CWE-918
critical
NVD
Published: 2024-09-05
Updated: 2024-09-06

Summary

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.

Vulnerable Configurations

Part Description Count
Application
Mindsdb
235

Common Weakness Enumeration (CWE)

References