CVE-2024-9710
PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability
CVSS Score
7.1
EPSS Score
0.0%
EPSS Percentile
0th
PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the database_schema method. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25351.
| CWE | CWE-918 |
| Vendor | posthog |
| Product | posthog |
| Published | Nov 22, 2024 |
| Last Updated | Nov 26, 2024 |
Stay Ahead of the Next One
Get instant alerts for posthog posthog
Be the first to know when new high vulnerabilities affecting posthog posthog are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Affected Versions
PostHog / PostHog
b8817c14065c23159dcf52849f0bdcd12516c43e