CVE-2024-28251

{"id": "CVE-2024-28251", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}]}, "published": "2024-03-14T00:15:33.630", "references": [{"url": "https://github.com/pinterest/querybook/pull/1425", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/pinterest/querybook/pull/1425", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of query executions. Currently the CORS setting allows all origins, which could result in cross-site websocket hijacking and allow attackers to read/edit/remove datadocs of the user. This issue has been addressed in version 3.32.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Querybook es una interfaz de usuario de consulta de Big Data que combina metadatos de tablas colocadas y una interfaz de cuaderno simple. La funcionalidad de documentos de datos de Querybook funciona mediante un servidor Websocket. El cliente habla con este WSS cada vez que actualiza, elimina o lee cualquier celda, as\u00ed como para observar el estado en vivo de las ejecuciones de consultas. Actualmente, la configuraci\u00f3n CORS permite todos los or\u00edgenes, lo que podr\u00eda resultar en el secuestro de websocket entre sitios y permitir a los atacantes leer/editar/eliminar documentos de datos del usuario. Este problema se solucion\u00f3 en la versi\u00f3n 3.32.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}], "lastModified": "2025-09-04T15:58:07.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pinterest:querybook:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CFC8B6A-D102-49DD-844D-9B43DA76B7CC", "versionEndExcluding": "3.32.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}