CVE-2024-27632

HIGH

Published Apr 8, 2024 Modified Sep 2, 2025 CWE-335

Description

An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.

CVSS v3.1 Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-335 CWE-335

Affected Products

Vendor	Product	Versions
gnu	savane	< 3.13

References

Exploits

https://github.com/ally-petitt/CVE-2024-27632 https://medium.com/%40allypetitt/how-i-found-3-cves-in-2-days-8a135eb924d3 https://github.com/ally-petitt/CVE-2024-27632 https://medium.com/%40allypetitt/how-i-found-3-cves-in-2-days-8a135eb924d3

Frequently Asked Questions

What is CVE-2024-27632? +

An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function. It has a CVSS v3.1 base score of 8.8 (HIGH).

How severe is CVE-2024-27632? +

CVE-2024-27632 has a CVSS v3.1 score of 8.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2024-27632? +

CVE-2024-27632 affects products from gnu, specifically: savane. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-27632? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-36048 9.8

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through …

CVE-2023-4472 9.8

Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which …

CVE-2024-7558 8.7

JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user …

CVE-2024-1579 8.1

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Secomea GateManager (Webserver modules) allows Session Hijacking.This issue affects …

CVE-2026-41564 7.5

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, …

CVE-2025-27580 7.5

NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the …

Quick Facts

CVSS Score: 8.8
Severity: HIGH
Published: Apr 8, 2024

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2024-27632.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →