CVE-2024-52796

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 20, 2024

Updated: Nov 21, 2024

CWE ID 770

Summary

CVE-2024-52796: A vulnerability was discovered in Password Pusher, an open-source communication tool. In versions prior to 1.49.0, the application's rate limiter could be bypassed by forging proxy headers, enabling bad actors to inundate the site with unlimited traffic and potentially cause a denial of service. The issue was resolved in version 1.49.0 by implementing a fix that only authorizes local IPs as proxies. As a temporary measure, users can add rules to their proxy and firewall to block external proxy headers such as `X-Forwarded-*` from clients.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0klShW
https://www.cve.org/CVERecord?id=CVE-2024-52796
https://nvd.nist.gov/vuln/detail/CVE-2024-52796

Back to Vulnerability Database

CVE-2024-52796

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations