CVE-2024-12840

CVSS 3.1 Score 5.0 of 10 (medium)

Details

Published Dec 20, 2024
CWE ID 918

Summary

CVE-2024-12840 is a server-side request forgery vulnerability affecting Satellite. An attacker can exploit this issue by making a specially crafted PUT request to the /http_proxies/test_connection endpoint, with the http_proxies variable set to localhost. As a result, the attacker can obtain the localhost banner, potentially gaining unauthorized information. This vulnerability poses a risk to systems that use Satellite and could lead to information disclosure if not addressed promptly.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share