CVE-2024-0601

Exploit

EPSS 0.14%
Published 16.01.2024 22:15:37
Last modified 21.11.2024 08:46:58
Source cna@vuldb.com
Teams watchlist Login
Open Login

A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\main\java\com\java3y\austin\support\utils\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250838 is the identifier assigned to this vulnerability.

Affected products Warnungen 0 Metrics 4 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Zhongfucheng3y ≫ Austin Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.35

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/biantaibao/Austin_SSRF/blob/main/SSRF.md

Exploit

https://vuldb.com/?ctiid.250838

Third Party Advisory

https://vuldb.com/?id.250838

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-0601

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0601

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0601

EUVD