PT-2024-20043 · Savignano · S/Notify

Published: 2024-04-10 · Updated: 2025-06-17 · CVE-2024-23734

CVSS v3.1: 5.2 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

savignano S/Notify versions prior to 2.0.1 for Bitbucket

Description

The issue allows attackers to replace S/MIME certificates or PGP keys for arbitrary users via a crafted link, exploiting a Cross-Site Request Forgery (CSRF) vulnerability in the upload functionality of the User Profile pages.

Recommendations

For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the upload functionality in the User Profile pages until the update is applied.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2024-23734

Affected Products

S/Notify