CVE-2024-9365
MEDIUM
polyaxon/polyaxon v2.4.0 - Cross-Site Request Forgery
Title source: llm
Description
A Cross-Site Request Forgery (CSRF) vulnerability in polyaxon/polyaxon v2.4.0 allows attackers to perform unauthorized actions in the context of the victim's browser. This includes creating projects, model versions, and artifact versions, or changing settings. The impact of this vulnerability includes potential data loss and service disruption.
References (1)
Core References
Exploit, Third Party Advisory
https://huntr.com/bounties/cdfa012b-a694-4beb-9a9a-12a9dde07ef9
Scores
CVSS v3
6.5
EPSS
0.0023
EPSS Percentile
13.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-352
Status
published
Products (1)
polyaxon/polyaxon/polyaxon
unspecified - latest
Published
Mar 20, 2025
Tracked Since
Feb 18, 2026