Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2024-31218
Deferred
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-05 Apr, 2024 | 15:15
Updated At-15 Apr, 2026 | 00:35

Webhood is a self-hosted URL scanner used analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to Missing Authentication for Critical Function vulnerability. This vulnerability allows an unauthenticated attacker to send a HTTP request to the database (Pocketbase) admin API to create an admin account. The Pocketbase admin API does not check for authentication/authorization when creating an admin account when no admin accounts have been added. In its default deployment, Webhood does not create a database admin account. Therefore, unless users have manually created an admin account in the database, an admin account will not exist in the deployment and the deployment is vulnerable. Versions starting from 0.9.1 are patched. The patch creates a randomly generated admin account if admin accounts have not already been created i.e. the vulnerability is exploitable in the deployment. As a workaround, users can disable access to URL path starting with `/api/admins` entirely. With this workaround, the vulnerability is not exploitable via network.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-306Secondarysecurity-advisories@github.com
CWE ID: CWE-306
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/webhood-io/webhood/commit/735e7fa2814edeec9a2c07778ed51b3c018609f9security-advisories@github.com
N/A
https://github.com/webhood-io/webhood/security/advisories/GHSA-h533-rxhm-73j2security-advisories@github.com
N/A
https://github.com/webhood-io/webhood/commit/735e7fa2814edeec9a2c07778ed51b3c018609f9af854a3a-2127-422b-91ae-364da2661108
N/A
https://github.com/webhood-io/webhood/security/advisories/GHSA-h533-rxhm-73j2af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://github.com/webhood-io/webhood/commit/735e7fa2814edeec9a2c07778ed51b3c018609f9
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/webhood-io/webhood/security/advisories/GHSA-h533-rxhm-73j2
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/webhood-io/webhood/commit/735e7fa2814edeec9a2c07778ed51b3c018609f9
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/webhood-io/webhood/security/advisories/GHSA-h533-rxhm-73j2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found
Details not found