CVE-2024-11602

{"id": "CVE-2024-11602", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.8}]}, "published": "2025-03-20T10:15:25.337", "references": [{"url": "https://huntr.com/bounties/7b24ecbe-0af7-4125-ab56-bce09786042e", "source": "security@huntr.dev"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-346"}]}], "descriptions": [{"lang": "en", "value": "A Cross-Origin Resource Sharing (CORS) vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security controls and potentially expose sensitive information."}, {"lang": "es", "value": "Existe una vulnerabilidad de Cross-Origin Resource Sharing (CORS) en feast-dev/feast versi\u00f3n 0.40.0. La configuraci\u00f3n de CORS en el servidor agentscope no restringe correctamente el acceso \u00fanicamente a or\u00edgenes de confianza, lo que permite que cualquier dominio externo realice solicitudes a la API. Esto puede eludir los controles de seguridad previstos y potencialmente exponer informaci\u00f3n confidencial."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "security@huntr.dev"}