Vulnerability Details CVE-2024-27092
Hoppscotch is an API development ecosystem. Due to lack of validation for fields like Label (Edit Team) - TeamName, bad actors can send emails with Spoofed Content as Hoppscotch. Part of payload (external link) is presented in clickable form - easier to achieve own goals by malicious actors. This issue is fixed in 2023.12.6.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.5%
CVSS Severity
CVSS v3 Score 5.4
References
- https://github.com/hoppscotch/hoppscotch/blob/main/packages/hoppscotch-backend/src/team-invitation/team-invitation.service.ts#L153
- https://github.com/hoppscotch/hoppscotch/commit/6827e97ec583b2534cdc1c2f33fa44973a0c2bf5
- https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-8r6h-8r68-q3pp
- https://github.com/hoppscotch/hoppscotch/blob/main/packages/hoppscotch-backend/src/team-invitation/team-invitation.service.ts#L153
- https://github.com/hoppscotch/hoppscotch/commit/6827e97ec583b2534cdc1c2f33fa44973a0c2bf5
- https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-8r6h-8r68-q3pp
Products affected by CVE-2024-27092
-
cpe:2.3:a:hoppscotch:hoppscotch:0.1.0
-
cpe:2.3:a:hoppscotch:hoppscotch:1.0.0
-
cpe:2.3:a:hoppscotch:hoppscotch:1.10.0
-
cpe:2.3:a:hoppscotch:hoppscotch:1.12.0
-
cpe:2.3:a:hoppscotch:hoppscotch:1.5.0
-
cpe:2.3:a:hoppscotch:hoppscotch:1.8.0
-
cpe:2.3:a:hoppscotch:hoppscotch:1.9.0
-
cpe:2.3:a:hoppscotch:hoppscotch:1.9.5
-
cpe:2.3:a:hoppscotch:hoppscotch:1.9.7
-
cpe:2.3:a:hoppscotch:hoppscotch:1.9.9
-
cpe:2.3:a:hoppscotch:hoppscotch:2.0.0
-
cpe:2.3:a:hoppscotch:hoppscotch:2.1.0
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.12.0
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.12.1
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.12.2
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.12.3
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.12.4
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.12.5
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.4.0
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.4.1
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.4.2
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.4.3
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.4.4
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.4.5
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.4.6
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.4.7
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.4.8
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.8.0
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.8.1
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.8.2
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.8.3
-
cpe:2.3:a:hoppscotch:hoppscotch:2023.8.4