CVE-2024-8183

HIGH

prefecthq/prefect <2.20.2 - SSRF

Title source: llm
STIX 2.1

Description

A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect version 2.20.2 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, service disruption, and data integrity risks.

References (2)

Scores

CVSS v3 7.6
EPSS 0.0009
EPSS Percentile 26.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-346
Status published
Products (2)
prefecthq/prefecthq/prefect unspecified - 3.0.3
pypi/prefect 3.0.0rc1 - 3.0.3PyPI
Published Mar 20, 2025
Tracked Since Feb 18, 2026