{"id":"GHSA-4v9f-r55g-g6hc","summary":"Prefect CORS (Cross-Origin Resource Sharing) misconfiguration","details":"A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect prior to version 3.0.3 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, service disruption, and data integrity risks.","aliases":["CVE-2024-8183"],"modified":"2025-03-26T16:21:52.498302Z","published":"2025-03-20T12:32:47Z","database_specific":{"github_reviewed":true,"nvd_published_at":"2025-03-20T10:15:41Z","github_reviewed_at":"2025-03-20T20:43:33Z","severity":"HIGH","cwe_ids":["CWE-346"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8183"},{"type":"WEB","url":"https://github.com/PrefectHQ/prefect/issues/15074"},{"type":"WEB","url":"https://github.com/PrefectHQ/prefect/commit/8f159b404126d93964a4daace7619bc553fa318c"},{"type":"WEB","url":"https://github.com/prefecthq/prefect/commit/a69266e077169b8a32ad76b1dd3ea63b96d011c2"},{"type":"PACKAGE","url":"https://github.com/PrefectHQ/prefect"},{"type":"WEB","url":"https://github.com/PrefectHQ/prefect/releases/tag/2.20.17"},{"type":"WEB","url":"https://huntr.com/bounties/b801de43-ff9f-4db9-b583-4797d4f7d3d2"}],"affected":[{"package":{"name":"prefect","ecosystem":"PyPI","purl":"pkg:pypi/prefect"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.0.0rc1"},{"fixed":"3.0.3"}]}],"versions":["3.0.0","3.0.0rc1","3.0.0rc10","3.0.0rc11","3.0.0rc12","3.0.0rc13","3.0.0rc14","3.0.0rc15","3.0.0rc16","3.0.0rc17","3.0.0rc18","3.0.0rc19","3.0.0rc2","3.0.0rc20","3.0.0rc3","3.0.0rc4","3.0.0rc5","3.0.0rc6","3.0.0rc7","3.0.0rc8","3.0.0rc9","3.0.1","3.0.2"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-4v9f-r55g-g6hc/GHSA-4v9f-r55g-g6hc.json"}},{"package":{"name":"prefect","ecosystem":"PyPI","purl":"pkg:pypi/prefect"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.20.17"}]}],"versions":["0.10.0","0.10.1","0.10.2","0.10.3","0.10.4","0.10.5","0.10.6","0.10.7","0.11.0","0.11.1","0.11.2","0.11.3","0.11.4","0.11.5","0.12.0","0.12.1","0.12.2","0.12.3","0.12.4","0.12.5","0.12.6","0.13.0","0.13.1","0.13.10","0.13.11","0.13.12","0.13.13","0.13.14","0.13.15","0.13.16","0.13.17","0.13.18","0.13.19","0.13.2","0.13.3","0.13.4","0.13.5","0.13.6","0.13.7","0.13.8","0.13.9","0.14.0","0.14.1","0.14.10","0.14.11","0.14.12","0.14.13","0.14.14","0.14.15","0.14.16","0.14.17","0.14.18","0.14.19","0.14.2","0.14.20","0.14.21","0.14.22","0.14.3","0.14.4","0.14.5","0.14.6","0.14.7","0.14.8","0.14.9","0.15.0","0.15.1","0.15.10","0.15.11","0.15.12","0.15.13","0.15.2","0.15.3","0.15.4","0.15.5","0.15.6","0.15.7","0.15.8","0.15.9","0.5.0","0.5.1","0.5.2","0.5.3","0.5.4","0.5.5","0.6.0","0.6.1","0.6.2","0.6.3","0.6.4","0.6.5","0.6.6","0.6.7","0.7.0","0.7.1","0.7.2","0.7.3","0.8.0","0.8.1","0.9.0","0.9.1","0.9.2","0.9.3","0.9.4","0.9.5","0.9.6","0.9.7","0.9.8","1.0.0","1.0rc1","1.1.0","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.3.0","1.3.1","1.4.0","1.4.1","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.0a1","2.0a10","2.0a11","2.0a12","2.0a13","2.0a2","2.0a3","2.0a4","2.0a5","2.0a6","2.0a7","2.0a8","2.0a9","2.0b1","2.0b10","2.0b11","2.0b12","2.0b13","2.0b14","2.0b15","2.0b16","2.0b2","2.0b3","2.0b4","2.0b5","2.0b6","2.0b7","2.0b8","2.0b9","2.1.0","2.1.1","2.10.0","2.10.1","2.10.10","2.10.11","2.10.12","2.10.13","2.10.14","2.10.15","2.10.16","2.10.17","2.10.18","2.10.19","2.10.2","2.10.20","2.10.21","2.10.3","2.10.4","2.10.5","2.10.6","2.10.7","2.10.8","2.10.9","2.11.0","2.11.1","2.11.2","2.11.3","2.11.4","2.11.5","2.12.0","2.12.1","2.13.0","2.13.1","2.13.2","2.13.3","2.13.4","2.13.5","2.13.6","2.13.7","2.13.8","2.14.0","2.14.1","2.14.10","2.14.11","2.14.12","2.14.13","2.14.14","2.14.15","2.14.16","2.14.17","2.14.18","2.14.19","2.14.2","2.14.20","2.14.21","2.14.3","2.14.4","2.14.5","2.14.6","2.14.8","2.14.9","2.15.0","2.16.0","2.16.1","2.16.2","2.16.3","2.16.4","2.16.5","2.16.6","2.16.7","2.16.8","2.16.9","2.17.0","2.17.1","2.18.0","2.18.1","2.18.2","2.18.3","2.19.0","2.19.1","2.19.2","2.19.3","2.19.4","2.19.5","2.19.6","2.19.7","2.19.8","2.19.9","2.2.0","2.20.0","2.20.1","2.20.10","2.20.11","2.20.12","2.20.13","2.20.14","2.20.15","2.20.16","2.20.2","2.20.3","2.20.4","2.20.5","2.20.6","2.20.7","2.20.8","2.20.9","2.3.0","2.3.1","2.3.2","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.4.5","2.5.0","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.6.6","2.6.7","2.6.8","2.6.9","2.7.0","2.7.1","2.7.10","2.7.11","2.7.12","2.7.2","2.7.3","2.7.4","2.7.5","2.7.6","2.7.7","2.7.8","2.7.9","2.8.0","2.8.1","2.8.2","2.8.3","2.8.4","2.8.5","2.8.6","2.8.7","2.9.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-4v9f-r55g-g6hc/GHSA-4v9f-r55g-g6hc.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L"}]}