CVE-2024-34453

{"id": "CVE-2024-34453", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-05-03T18:15:10.160", "references": [{"url": "https://github.com/tznb1/TwoNav/compare/v2.1.13-20240321...v2.1.14-20240419", "source": "cve@mitre.org"}, {"url": "https://github.com/tznb1/TwoNav/issues/9#issuecomment-2022194939", "source": "cve@mitre.org"}, {"url": "https://github.com/tznb1/TwoNav/compare/v2.1.13-20240321...v2.1.14-20240419", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/tznb1/TwoNav/issues/9#issuecomment-2022194939", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "TwoNav 2.1.13 contains an SSRF vulnerability via the url paramater to index.php?c=api&method=read_data&type=connectivity_test (which reaches /system/api.php)."}, {"lang": "es", "value": "TwoNav 2.1.13 contiene una vulnerabilidad SSRF a trav\u00e9s del par\u00e1metro de URL index.php?c=api&method=read_data&type=connectivity_test (que llega a /system/api.php)."}], "lastModified": "2024-11-21T09:18:42.560", "sourceIdentifier": "cve@mitre.org"}