CVE-2024-12840 - CERT CVE
ID CVE-2024-12840
Sažetak A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner.
Reference
CVSS
Base: 5.0
Impact: 4.2
Exploitability:0.7
Pristup
VektorSloženostAutentikacija
NETWORK HIGH HIGH
Impact
PovjerljivostCjelovitostDostupnost
HIGH LOW NONE
CVSS vektor CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N
Zadnje važnije ažuriranje 20-12-2024 - 16:15
Objavljeno 20-12-2024 - 16:15