Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the production server appeared to have been misconfigured and did not provide any content security policy or security headers. This could result in bypassing of cross-site scripting filters. Version 0.3.5 fixed the issue.
History
Fri, 13 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Thu, 12 Dec 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the production server appeared to have been misconfigured and did not provide any content security policy or security headers. This could result in bypassing of cross-site scripting filters. Version 0.3.5 fixed the issue. | |
Title | Content Security Policy appears to be missing in software and production setup | |
Weaknesses | CWE-1021 | |
References | | |
Metrics | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-12T19:28:15.795Z
Updated: 2024-12-13T15:40:32.295Z
Reserved: 2024-12-12T15:00:38.902Z
Link: CVE-2024-55888
Vulnrichment
Updated: 2024-12-13T15:40:28.008Z
NVD
Status: Received
Published: 2024-12-12T20:15:22.017
Modified: 2024-12-12T20:15:22.017
Link: CVE-2024-55888
Redhat
No data.