CVE-2024-38164 — Vulnetix

CVE-2024-38164 PUBLISHED CVSS 9.600000381469727 CRITICAL

An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.

EPSS 3.92% · 88.5th percentile

Risk Scores

CVSS v3.1

9.600000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

3.92%

88.5th percentile

Affected Products

Vendor	Product	Versions
microsoft	groupme	-
Microsoft	GroupMe	*

Timeline

Jul 9, 2024 CVE Published
Jul 23, 2024 CVE Updated
Jul 24, 2024 EPSS Score
Aug 14, 2024 EPSS Score
Sep 26, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 18, 2024 EPSS Score
Nov 30, 2024 EPSS Score
Dec 22, 2024 EPSS Score
Jan 13, 2025 EPSS Score
Feb 25, 2025 EPSS Score
Feb 26, 2025 Coalition ESS Score

References

GroupMe Elevation of Privilege Vulnerability vendor-advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38176 advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-38164 advisory

Open in Interactive Console →