CVE-2024-28216

MEDIUM

nGrinder < 3.5.9 - Missing Authorization for Webhook Request Results

Title source: llm
STIX 2.1

Description

nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

References (1)

Core 1
Core References

Scores

CVSS v3 5.4
EPSS 0.0033
EPSS Percentile 25.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
naver/ngrinder < 3.5.9
Published Mar 07, 2024
Tracked Since Feb 18, 2026