CVE-2024-3448
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-3448 is a Server-Side Request Forgery (SSRF) vulnerability that allows users with low privileges to gain unauthorized access to certain AJAX actions. In this specific instance, an attacker can exploit the vulnerability in the ajax?action=plugin:focus:checkIframeAvailability function, resulting in error messages being returned from the back-end. By analyzing these error messages, an attacker can perform a port scan on the back-end server, potentially gaining sensitive information or executing further attacks. At the time of publication, a patch for this vulnerability has not been released.
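One way to close the error-message oracle described in the summary, as an added example that is not the affected product's code: the server validates the target before fetching it and returns the same generic answer for every failure. The function names, the fetch callback and the FAKE_DNS table are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_PORTS = {"http": 80, "https": 443}  # scheme -> the only port accepted
# Constructed DNS answers so the example runs offline.
FAKE_DNS = {"example.com": {"93.184.216.34"}, "intranet.test": {"10.0.0.5"}}


def fake_resolver(host):
    return FAKE_DNS.get(host, {host})  # IP literals resolve to themselves


def system_resolver(host):
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_safe_target(url, resolver=system_resolver):
    """True only for a public host on the default port of http/https."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
        if parts.scheme not in ALLOWED_PORTS or not parts.hostname:
            return False
        if port not in (None, ALLOWED_PORTS[parts.scheme]):
            return False
        addresses = [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
    except (OSError, ValueError):
        return False
    # One internal address among the answers is enough to refuse.
    return bool(addresses) and all(a.is_global for a in addresses)


def check_iframe_availability(url, fetch, resolver=system_resolver):
    """Return one generic shape; never echo back-end error text."""
    if not is_safe_target(url, resolver):
        return {"available": False}
    try:
        return {"available": bool(fetch(url))}
    except Exception:  # refused, timed out, reset: identical from outside
        return {"available": False}
```

In production the fetch must connect to the address that was validated and must re-check any redirect target, otherwise DNS rebinding or a redirect can still reach an internal host.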