Lucene search
@huntr_aiCVELIST:CVE-2024-0440HistoryFeb 25, 2024 - 7:00 p.m.
CVE-2024-0440 SSRF - file:// unsanitized access to underlying host files
2024-02-2519:00:42
CWE-918
@huntr_ai
www.cve.org
4
cve-2024-0440
ssrf
unsanitized access
file protocol
host files
CVSS3
9.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
AI Score
9.4
Confidence
High
EPSS
0
Percentile
9.0%
Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files.
CNA Affected
[
{
"vendor": "mintplex-labs",
"product": "mintplex-labs/anything-llm",
"versions": [
{
"version": "unspecified",
"lessThan": "1.0.0",
"status": "affected",
"versionType": "custom"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2024-02-26 16:27:00
nvd
nvd
CVE-2024-0440
2024-02-26 16:27:50
osv
osv
CVE-2024-0440
2024-02-26 16:27:50
vulnrichment
vulnrichment
CVE-2024-0440 SSRF - file:// unsanitized access to underlying host files
2024-02-25 19:00:42
cve
cve
CVE-2024-0440
2024-02-26 16:27:50
CVSS3
9.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
AI Score
9.4
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVELIST:CVE-2024-0440