CVE-2024-51381

Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and integrity of the platform, especially if an attacker gains administrative control.

Configurations

Configuration 1

cpe:2.3:a:jatos:jatos:3.9.3:*:*:*:*:*:*:*

History

24 Jun 2025, 13:20

| Type | Values Removed | Values Added |
|---|---|---|
| First Time | | Jatos jatos; Jatos |
| CPE | | cpe:2.3:a:jatos:jatos:3.9.3:*:*:*:*:*:*:* |
| References | () https://hacking-notes.medium.com/cve-2024-51381-jatos-v3-9-3-csrf-admin-account-creation-94035f24d0be - | () https://hacking-notes.medium.com/cve-2024-51381-jatos-v3-9-3-csrf-admin-account-creation-94035f24d0be - Exploit, Third Party Advisory |

06 Nov 2024, 17:35

| Type | Values Removed | Values Added |
|---|---|---|
| CWE | | CWE-352 |
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 8.4 |
| Summary | | (es) Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and integrity of the platform, especially if an attacker gains administrative control. |

05 Nov 2024, 19:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2024-11-05 19:15

Updated : 2025-06-24 13:20


NVD link : CVE-2024-51381

Mitre link : CVE-2024-51381

CVE.ORG link : CVE-2024-51381



Products Affected

jatos

  • jatos

CWE
CWE-352

Cross-Site Request Forgery (CSRF)