{"vulnerability": "cve-2024-56311", "sightings": [{"uuid": "821026a2-13a4-408c-af43-50045d8dbbcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56311", "type": "seen", "source": "https://t.me/cvedetector/13514", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56311 - REDCap CSRF Logout Weakness\", \n  \"Content\": \"CVE ID : CVE-2024-56311 \nPublished : Dec. 22, 2024, 9:15 p.m. | 41\u00a0minutes ago \nDescription : REDCap through 15.0.0 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-22T23:06:22.000000Z"}, {"uuid": "03070ef1-619f-46df-94f5-30e381667169", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56311", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldwdknocxx2e", "content": "", "creation_timestamp": "2024-12-22T21:15:32.510322Z"}, {"uuid": "088ba8fa-9876-4186-a298-c03ce427cd74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56311", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113698522251929073", "content": "", "creation_timestamp": "2024-12-22T21:09:28.415198Z"}, {"uuid": "ecfb9590-d45a-405f-b48e-d50a58479bee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56311", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1123", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56311\n\ud83d\udd39 Description: REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent.\n\ud83d\udccf Published: 2024-12-22T00:00:00\n\ud83d\udccf Modified: 2025-01-10T10:48:44.723190Z\n\ud83d\udd17 References:\n1. https://www.evms.edu/research/resources_services/redcap/redcap_change_log/\n2. https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap", "creation_timestamp": "2025-01-10T11:06:12.000000Z"}]}