CVE-2024-12840
CVSS 3.1 Score 5.0 of 10 (medium)
Details
Published Dec 20, 2024
CWE ID 918
Summary
CVE-2024-12840 is a server-side request forgery vulnerability affecting Satellite. An attacker can exploit this issue by making a specially crafted PUT request to the /http_proxies/test_connection endpoint, with the http_proxies variable set to localhost. As a result, the attacker can obtain the localhost banner, potentially gaining unauthorized information. This vulnerability poses a risk to systems that use Satellite and could lead to information disclosure if not addressed promptly.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share