CVE-2024-54851

CVE-2024-54851 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Teedy versions 1.12 and earlier, stemming from the absence of CSRF protection mechanisms. This flaw, classified under CWE-352, carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low complexity, lack of required privileges, and potential for significant impacts on confidentiality, integrity, and availability.

An unauthenticated attacker (PR:N) can exploit this vulnerability by crafting a malicious webpage or resource that, when visited by an authenticated Teedy user (UI:R), triggers unauthorized requests to the Teedy application. Successful exploitation allows the attacker to perform actions on behalf of the victim user, potentially leading to high-impact outcomes such as data modification, deletion, or unauthorized access, depending on the user's privileges within the Teedy instance.

For mitigation details, refer to the advisory provided in the GitHub repository at https://github.com/Tanguy-Boisset/CVE/blob/master/CVE-2024-54851/README.md, which documents the issue discovered by Tanguy Boisset.