CVE-2024-8183
Prefect CORS (Cross-Origin Resource Sharing) misconfiguration
CVSS 3.1: 7.6 (HIGH)
EPSS: 0.09%
Description
A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect prior to version 3.0.3 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, service disruption, and data integrity risks.
How to fix CVE-2024-8183
To remediate CVE-2024-8183, upgrade the affected package to a fixed version below.
- Upgrade to 3.0.3 or later
Is CVE-2024-8183 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 3.0.0rc1, < 3.0.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.6) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L |