Server-Side Request Forgery (SSRF) (CWE-918)
An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
This vulnerability has a high impact on confidentiality, integrity, and availability. It allows an unauthenticated attacker to gain elevated privileges, potentially compromising the affected system's security. The attack can be executed over a network, increasing its reach and potential for widespread exploitation.
There is no evidence that a public proof-of-concept exists, and no evidence of exploitation at the moment.
A patch is available. Microsoft has released updates to address this vulnerability.
1. Apply the security updates provided by Microsoft as soon as possible.
2. Implement user awareness training to help users identify and avoid clicking on suspicious links.
3. Consider implementing additional network security measures, such as intrusion detection/prevention systems, to detect and block potential exploit attempts.
4. Limit network access to the affected GroupMe application where possible.
5. Monitor for any suspicious activities or unauthorized access attempts in systems running GroupMe.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD published the first details for CVE-2024-38183
Feedly found the first article mentioning CVE-2024-38183.
Feedly estimated the CVSS score as HIGH
EPSS Score was set to: 0.09% (Percentile: 39.6%)
EPSS Score was set to: 0.11% (Percentile: 44.4%)