How severe is CVE-2024-56311?

CVE-2024-56311 has a CVSS v3 score of 8.8 (HIGH).

CVE-2024-56311

Name: redcap
Author: vanderbilt

8.8HIGH

REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into acces

Published: 12/22/2024Updated: 4/22/2025

Description

REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent.

AI AnalysisPowered by AI

Affected Products

vanderbiltredcap

References

https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap
ExploitThird Party Advisory
https://www.evms.edu/research/resources_services/redcap/redcap_change_log/
Product