CVE-2024-10306

EPSS 0.04%
Veröffentlicht 23.04.2025 09:59:49
Zuletzt bearbeitet 01.07.2025 03:15:20
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/modcluster/mod_proxy_cluster

≫

Paket mod_proxy_cluster

Default Statusunaffected

Version < 1.3.21.Final

Version 1.3.17

Status affected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 10

Default Statusaffected

Version < *

Version 0:1.3.21-1.el10

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 10

Default Statusaffected

Version < *

Version 0:1.3.22-1.el10_0.2

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:1.3.22-1.el9_5.2

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:1.3.22-1.el9_6.1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.4 Extended Update Support

Default Statusaffected

Version < *

Version 0:1.3.22-1.el9_4.1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Core Services

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Core Services

Default Statusaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.107

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://access.redhat.com/security/cve/CVE-2024-10306

https://bugzilla.redhat.com/show_bug.cgi?id=2321302

https://access.redhat.com/errata/RHBA-2025:5309

https://access.redhat.com/errata/RHBA-2025:2973

https://access.redhat.com/errata/RHSA-2025:9434

https://access.redhat.com/errata/RHSA-2025:9466

https://access.redhat.com/errata/RHSA-2025:9997

https://nvd.nist.gov/vuln/detail/CVE-2024-10306

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-10306

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-10306

EUVD