CVE-2024-8183

7.6 HIGH
Published: March 20, 2025 Modified: April 15, 2026
View on NVD

Description

A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect version 2.20.2 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, service disruption, and data integrity risks.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/prefecthq/prefect/commit/a69266e077169b8a32ad76b1dd3ea63b96d011c2
Source: security@huntr.dev
https://huntr.com/bounties/b801de43-ff9f-4db9-b583-4797d4f7d3d2
Source: security@huntr.dev

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.6 / 10.0
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-346

Related CVEs

CVE-2026-6398 N/A
CVE-2026-40261 8.8
CVE-2026-40186 6.1
CVE-2026-40176 7.8
CVE-2026-40173 9.4