CVE-2024-41664
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-41664: Canarytokens.org was previously vulnerable to a Blind Server-Side Request Forgery (SSRF) in its Webhook alert feature. When creating a Canarytoken, users could supply a webhook URL for alert notifications. The site made a test request to ensure the URL accepted alert notifications, but no safety checks were applied, enabling attackers to perform SSRF attacks. This vulnerability allowed attackers to map out open ports within Canarytokens.org's infrastructure without revealing the response content to the creating user. Canarytokens.org has since patched this issue. Self-hosted Canarytokens installations can be updated by pulling the latest Docker image or any image after sha-097d91a.
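The missing "safety check" the summary refers to is a vetting step between accepting a webhook URL and issuing the test request. As an added example (not Canarytokens' code or its actual fix), the Python function below rejects any URL whose host resolves to loopback, private, link-local or otherwise non-public addresses; the `resolver` hook and the `FAKE_DNS` table are assumptions constructed so it runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Address ranges a webhook must never point at: loopback, RFC 1918,
# link-local, CGNAT, unspecified, and their IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

def resolve_all(hostname):
    """Every A/AAAA address for hostname via real DNS (the default)."""
    return {info[4][0] for info in socket.getaddrinfo(hostname, None)}

def validate_webhook_url(url, resolver=resolve_all):
    """Return (ok, reason). Safe only if every address the host can
    resolve to lies outside BLOCKED_NETWORKS."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, "scheme must be http or https"
    if not parsed.hostname:
        return False, "missing host"
    if parsed.username or parsed.password:
        return False, "credentials in URL are not allowed"
    try:                          # literal IP; urlparse strips [] brackets
        ips = {ipaddress.ip_address(parsed.hostname)}
    except ValueError:            # a name: vet every address it resolves to
        try:
            ips = {ipaddress.ip_address(a) for a in resolver(parsed.hostname)}
        except (socket.gaierror, ValueError):
            ips = set()
    if not ips:
        return False, "hostname does not resolve"
    for ip in ips:
        ip = getattr(ip, "ipv4_mapped", None) or ip   # unwrap ::ffff:a.b.c.d
        if ip.is_multicast or any(ip in net for net in BLOCKED_NETWORKS):
            return False, f"{ip} is not a public address"
    return True, "ok"

# Constructed DNS table so the example runs offline; these are not real hosts.
FAKE_DNS = {"hooks.example.com": ["203.0.113.10"],
            "split.example": ["203.0.113.11", "10.0.0.5"]}

def fake_resolver(hostname):
    return FAKE_DNS.get(hostname, [])
```

The test request should then be sent to the address that passed validation rather than re-resolving the name, and any redirect target should be run through the same check, since either can otherwise steer the request back inside the infrastructure.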