CVE-2024-30420

EPSS 0.21%
Published 22.05.2024 05:15:52
Last modified 12.05.2025 14:23:35
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may obtain arbitrary files on the server and information on the internal server that is not disclosed to the public.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Appleple ≫ A-blog Cms Version >= 3.0.0 < 3.0.32

Appleple ≫ A-blog Cms Version >= 3.1.0 < 3.1.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.21%	0.43

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.4	0.7	3.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://developer.a-blogcms.jp/blog/news/JVN-70977403.html

Vendor Advisory

https://jvn.jp/en/jp/JVN70977403/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-30420

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-30420

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-30420

EUVD