CVE-2024-52579

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Dec 18, 2024
CWE ID 918
CWE ID 20

Summary

CVE-2024-52579 is a vulnerability affecting the Misskey open-source social media platform. The issue lies in certain APIs that fail to verify the target host when using `HttpRequestService`. An attacker can exploit this weakness by sending malicious POST or GET requests to internal servers. This vulnerability could lead to Server-Side Request Forgery (SSRF) attacks, allowing an attacker to access and potentially manipulate internal servers with private IP addresses. The vulnerability has been resolved in version 2024.11.0-alpha.3, and users are advised to upgrade as soon as possible. At present, there are no reported workarounds for this vulnerability.
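The missing control is a check of the target host before the server makes an outbound request. The sketch below is an added example, not Misskey's code or its fix: it rejects any target whose resolved addresses include a private, loopback or link-local IP. The function names are hypothetical, and the caller is assumed to pass in the DNS results.

```javascript
// Added example, not Misskey code; every name here is hypothetical.
// IPv4 ranges a server-side fetch must never reach (base address, prefix bits).
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
];

function v4ToInt(ip) {
  const parts = ip.split('.');
  const ok = parts.length === 4 && parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  return ok ? parts.reduce((acc, p) => acc * 256 + Number(p), 0) : null;
}

function isInternalV4(ip) {
  const n = v4ToInt(ip);
  if (n === null) return true; // unparseable input: fail closed
  return BLOCKED_V4.some(([base, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(n / size) === Math.floor(v4ToInt(base) / size);
  });
}

function isInternalAddress(ip) {
  const a = ip.toLowerCase();
  if (!a.includes(':')) return isInternalV4(a);
  if (a.startsWith('::ffff:')) { // IPv4-mapped IPv6
    const m = a.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);
    return m ? isInternalV4(m[1]) : true; // hex-form mapped address: fail closed
  }
  if (a === '::1' || a === '::') return true; // loopback, unspecified
  const first = parseInt(a.split(':')[0] || '0', 16);
  if (Number.isNaN(first)) return true; // not a valid IPv6 group: fail closed
  return (first & 0xfe00) === 0xfc00 || (first & 0xffc0) === 0xfe80; // fc00::/7, fe80::/10
}

// url: the caller-supplied target; resolved: every address DNS returned for its host.
function checkTarget(url, resolved) {
  let u;
  try { u = new URL(url); } catch { return { allowed: false, reason: 'invalid url' }; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return { allowed: false, reason: 'scheme' };
  if (resolved.length === 0) return { allowed: false, reason: 'unresolved' };
  const bad = resolved.find((addr) => isInternalAddress(addr));
  return bad ? { allowed: false, reason: `internal address ${bad}` } : { allowed: true, reason: 'ok' };
}
```

The check only holds if the connection is then made to one of the addresses that were checked, and if it is repeated for every redirect hop; otherwise a second DNS lookup can return a different address.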
