CVE-2024-9365 MEDIUM

CVE-2024-9365: Cross-Site Request Forgery (CSRF) in polyaxon/polyaxon

Vendor Polyaxon
Product polyaxon/polyaxon
Weakness CWE-352 · CSRF
Published March 20, 2025
Last update March 20, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

What the vulnerability does

01 Description

A Cross-Site Request Forgery (CSRF) vulnerability in polyaxon/polyaxon v2.4.0 allows attackers to perform unauthorized actions in the context of the victim's browser. This includes creating projects, model versions, and artifact versions, or changing settings. The impact of this vulnerability includes potential data loss and service disruption.

Key dates

02 Disclosure timeline

March 20, 2025 CVE published
March 20, 2025 Record updated