CVE-2024-52583 (GCVE-0-2024-52583)

Vulnerability from cvelistv5 – Published: 2024-11-18 20:35 – Updated: 2024-11-19 15:34
Title
WesHacks code includes links to Leostop tracking spyware infested files
Summary
The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page `schedule.html` before 17 November 2024 or commit 93dfb83 contains links to `Leostop`, a site that hosts a malicious injected JavaScript file that occurs when Bootstrap is run as well as jQuery. `Leostop` may be a tracking malware and creates 2 JavaScript files, but little else is known about it. The WesHacks website removed all references to `Leostop` as of 17 November 2024.
CWE
  • CWE-494 - Download of Code Without Integrity Check
Assigner
GitHub_M
Impacted products
Vendor Product Version
DefinetlyNotAI WesHacks Affected: < 93dfb83

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52583",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T15:34:10.408728Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T15:34:20.168Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WesHacks",
          "vendor": "DefinetlyNotAI",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 93dfb83"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page `schedule.html` before 17 November 2024 or commit 93dfb83 contains links to `Leostop`, a site that hosts a malicious injected JavaScript file that occurs when bootstrap is run as well as jquery. `Leostop` may be a tracking malware and creates 2 JavaScript files, but little else is known about it. The WesHacks website remove all references to `Leostop` as of 17 November 2024."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-494",
              "description": "CWE-494: Download of Code Without Integrity Check",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-18T20:35:16.220Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/DefinetlyNotAI/WesHacks/security/advisories/GHSA-462m-5c66-4pmh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/DefinetlyNotAI/WesHacks/security/advisories/GHSA-462m-5c66-4pmh"
        },
        {
          "name": "https://github.com/DefinetlyNotAI/WesHacks/commit/93dfb83cb23a8d44e81dc12424ad8a5ea05e8f96",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/DefinetlyNotAI/WesHacks/commit/93dfb83cb23a8d44e81dc12424ad8a5ea05e8f96"
        },
        {
          "name": "https://github.com/DefinetlyNotAI/WesHacks/commit/ea5a4112d94bfe47beb74b8a1ba9b631d10f64f0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/DefinetlyNotAI/WesHacks/commit/ea5a4112d94bfe47beb74b8a1ba9b631d10f64f0"
        }
      ],
      "source": {
        "advisory": "GHSA-462m-5c66-4pmh",
        "discovery": "UNKNOWN"
      },
      "title": "WesHacks code includes links to Leostop tracking spyware infested files"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52583",
    "datePublished": "2024-11-18T20:35:16.220Z",
    "dateReserved": "2024-11-14T15:05:46.766Z",
    "dateUpdated": "2024-11-19T15:34:20.168Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-52583",
      "date": "2026-04-27",
      "epss": "0.00229",
      "percentile": "0.45543"
    }
  }
}

