{"vulnerability": "cve-2024-56310", "sightings": [{"uuid": "b180c12d-d9ab-474a-9df6-1567e2550b60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56310", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1124", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56310\n\ud83d\udd39 Description: REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent.\n\ud83d\udccf Published: 2024-12-22T00:00:00\n\ud83d\udccf Modified: 2025-01-10T10:48:01.411479Z\n\ud83d\udd17 References:\n1. https://www.evms.edu/research/resources_services/redcap/redcap_change_log/\n2. https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap", "creation_timestamp": "2025-01-10T11:06:14.000000Z"}, {"uuid": "426c045f-022a-4539-b8f4-67c529b5b269", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56310", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8056", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56310\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent.\n\ud83d\udccf Published: 2024-12-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-19T13:51:20.367Z\n\ud83d\udd17 References:\n1. https://www.evms.edu/research/resources_services/redcap/redcap_change_log/\n2. https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap", "creation_timestamp": "2025-03-19T14:16:51.000000Z"}, {"uuid": "6b60e980-db24-49e6-bd54-ca0f47be611b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56310", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldwdkku5lm22", "content": "", "creation_timestamp": "2024-12-22T21:15:28.837236Z"}, {"uuid": "312b45e7-d425-4f70-b136-b8fd52d54952", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56310", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113698522236702228", "content": "", "creation_timestamp": "2024-12-22T21:09:28.063088Z"}, {"uuid": "f82fce5a-1a96-40f8-8d8d-d0571c8badcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56310", "type": "seen", "source": "https://t.me/cvedetector/13513", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56310 - REDCap CSRF Logout Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-56310 \nPublished : Dec. 22, 2024, 9:15 p.m. | 41\u00a0minutes ago \nDescription : REDCap through 15.0.0 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-22T23:06:21.000000Z"}]}