CVE-2024-9526

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Published: Nov 18, 2024 / Updated: 1d ago

010
CVSS 7.1EPSS 0.04%High
CVE info copied to clipboard

There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly. Leading to a stored XSS. We recommend upgrading past commit 930c35f1c543998e60e8d648ce93185c9b5dbe8d

CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:L/U:Green

Timeline

CVE Assignment

NVD published the first details for CVE-2024-9526

Nov 18, 2024 at 2:15 PM
CVSS

A CVSS base score of 7.1 has been assigned.

Nov 18, 2024 at 2:20 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-9526. See article

Nov 18, 2024 at 2:21 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 18, 2024 at 2:21 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 10.2%)

Nov 19, 2024 at 9:43 AM
Static CVE Timeline Graph

Affected Systems

Kubeflow/kubeflow
+null more

Attack Patterns

CAPEC-209: XSS Using MIME Type Mismatch
+null more

News

NA - CVE-2024-9526 - There exists a stored XSS Vulnerability in...
There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The...
CVE-2024-9526 | Kubeflow Pipeline View Web UI description cross site scripting
A vulnerability has been found in Kubeflow Pipeline View and classified as problematic . This vulnerability affects unknown code of the component Web UI . The manipulation of the argument description leads to cross site scripting. This vulnerability was named CVE-2024-9526 . The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
CVE-2024-9526 - Kubeflow Pipeline View Stored XSS
CVE ID : CVE-2024-9526 Published : Nov. 18, 2024, 2:15 p.m. 53 minutes ago Description : There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly.
CVE-2024-9526
There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly. Leading to a stored XSS. We recommend upgrading past...
CVE-2024-9526
There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly. Leading to a stored XSS. We recommend upgrading past commit 930c35f1c543998e60e8d648ce93185c9b5dbe8d
See 4 more articles and social media posts

CVSS V3.1

Unknown

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI