CVE-2024-57373
Published: 27 January 2025
Description
Cross Site Request Forgery (CSRF) vulnerability in LifestyleStore v1.0 allows a remote attacker to execute unauthorized actions on behalf of an authenticated user, potentially leading to account modifications or data compromise.
Security Summary
CVE-2024-57373 is a Cross-Site Request Forgery (CSRF) vulnerability, mapped to CWE-352, in LifestyleStore version 1.0. This flaw allows a remote attacker to execute unauthorized actions on behalf of an authenticated user, potentially leading to account modifications or data compromise. The vulnerability carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N), reflecting its high severity due to network vector, low attack complexity, lack of required privileges, and substantial impacts on confidentiality and integrity with no availability disruption.
A remote attacker without privileges can exploit this issue by inducing an authenticated user to perform an action, such as visiting a malicious webpage or clicking a crafted link, which triggers the unauthorized request. Successful exploitation enables the attacker to act as the victim, achieving outcomes like account alterations or data exposure, directly aligning with the high confidentiality and integrity impact ratings.
Mitigation guidance and further details are available in the referenced advisories, including the exploit demonstration at https://github.com/cypherdavy/CVE-2024-57373 and the affected LifestyleStore repository at https://github.com/sajalagrawal/LifestyleStore. The CVE was published on 2025-01-27T23:15:09.830.
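To make the defect and its fix concrete, the following Python sketch is an added example, not code from LifestyleStore or the linked repositories: the session store, the site origin and the handler name are assumptions. It contrasts an account-update handler that authorises on the session cookie alone (the CWE-352 condition) with one that also requires a per-session synchronizer token and a same-origin request.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed stand-in for the application's session store: session id -> session data.
SESSIONS = {}
SITE_ORIGIN = "https://store.example"  # assumed origin of the application


def new_session(user):
    """Create a session and mint a per-session CSRF token (synchronizer token pattern)."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32), "email": None}
    return sid


def csrf_token_for(sid):
    """Token the server embeds as a hidden field in its own forms; a cross-site page cannot read it."""
    return SESSIONS[sid]["csrf"]


def _origin_of(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def update_email(sid, headers, form, check_csrf=True):
    """State-changing handler. check_csrf=False reproduces the unprotected behaviour
    (the session cookie alone authorises the change); check_csrf=True is the fix."""
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "not logged in"
    if check_csrf:
        # 1. Origin (or Referer) must be our own site; a missing header is rejected.
        origin = headers.get("Origin") or headers.get("Referer")
        if not origin or _origin_of(origin) != SITE_ORIGIN:
            return 403, "cross-site request rejected"
        # 2. Submitted token must match the session's token; constant-time comparison.
        sent = form.get("csrf_token", "")
        if not hmac.compare_digest(sent.encode(), session["csrf"].encode()):
            return 403, "missing or invalid CSRF token"
    session["email"] = form["email"]
    return 200, "email updated"
```

In the unprotected mode a forged form post from another origin succeeds because the browser attaches the victim's cookie; with the checks enabled the same request is refused, while a form rendered by the site itself (which carries the token) still works.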
Details
- CWE(s): CWE-352 (Cross-Site Request Forgery)