CVE-2024-8367 MEDIUM

CVE-2024-8367: HM Courts & Tribunals Service Probate Back Office Markdown NotificationService.java injection

Vendor Hm Courts & Tribunals Service

Product Probate Back Office

Weakness CWE-74

Published September 1, 2024

Last update September 3, 2024

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to c1afe0cdb2b2766d9e24872c4e827f8b82a6cd31. It has been classified as problematic. Affected is an unknown function of the file src/main/java/uk/gov/hmcts/probate/service/NotificationService.java of the component Markdown Handler. The manipulation leads to injection. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as d90230d7cf575e5b0852d56660104c8bd2503c34. It is recommended to apply a patch to fix this issue.

Key dates

Disclosure timeline

September 1, 2024 CVE published

September 3, 2024 Record updated

Identifiers

CVE CVE-2024-8367

CWE CWE-74

CVSS 5.1 / MEDIUM

Affected versions

Vendor Hm Courts & Tribunals Service

Product Probate Back Office

Affected c1afe0cdb2b2766d9e24872c4e827f8b82a6cd31