Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the production server appeared to have been misconfigured and did not provide any Content Security Policy or security headers. This could result in bypassing of cross-site scripting filters. Version 0.3.5 fixed the issue.
History

Fri, 13 Dec 2024 16:15:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 12 Dec 2024 19:45:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| Description | | Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the production server appeared to have been misconfigured and did not provide any Content Security Policy or security headers. This could result in bypassing of cross-site scripting filters. Version 0.3.5 fixed the issue. |
| Title | | Content Security Policy appears to be missing in software and production setup |
| Weaknesses | | CWE-1021 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'} |


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-12-12T19:28:15.795Z

Updated: 2024-12-13T15:40:32.295Z

Reserved: 2024-12-12T15:00:38.902Z

Link: CVE-2024-55888

Vulnrichment

Updated: 2024-12-13T15:40:28.008Z

NVD

Status: Received

Published: 2024-12-12T20:15:22.017

Modified: 2024-12-12T20:15:22.017

Link: CVE-2024-55888

Redhat

No data.