Lucene search
K

Fides Privacy Center ≤ 2.39.1 - Server-Side URL Disclosure

🗓️ 09 Jul 2026 03:01:09Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 10 Views

Fides Privacy Center discloses SERVER_SIDE_FIDES_API_URL via unauthenticated GET in versions 2.19.0 to 2.39.1; update to 2.39.2rc0.

Related
Refs
Code
id: CVE-2024-31223

info:
  name: Fides Privacy Center ≤ 2.39.1 - Server-Side URL Disclosure
  author: hnd3884
  severity: medium
  description: |
    Fides versions 2.19.0 to before 2.39.2rc0 contain an information disclosure caused by unauthenticated HTTP GET request to the Privacy Center, letting attackers access the SERVER_SIDE_FIDES_API_URL, which may reveal server configuration details, exploit requires no authentication.
  impact: |
    Attackers can obtain server-side URLs, revealing private IPs, ports, and domain names, potentially aiding further targeted attacks.
  remediation: |
    Update to version 2.39.2rc0 or later.
  reference:
    - https://github.com/ethyca/fides/commit/0555080541f18a5aacff452c590ac9a1b56d7097
    - https://github.com/ethyca/fides/security/advisories/GHSA-53q7-4874-24qg
    - https://nvd.nist.gov/vuln/detail/CVE-2024-31223
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-31223
    cwe-id: CWE-497
    epss-score: 0.01114
    epss-percentile: 0.62071
    cpe: cpe:2.3:a:ethyca:fides:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"SERVER_SIDE_FIDES_API_URL"
  tags: cve,cve2024,vuln,ethyca,fides,disclosure,vkev

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "SERVER_SIDE_FIDES_API_URL"

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: server_side_fides_api_url
        group: 1
        regex:
          - '"SERVER_SIDE_FIDES_API_URL":"(.+?)"'
# digest: 4b0a00483046022100efc52268f6160ce3764abd1de74da04feddca6081cd1f8e73e6c149450b4ac19022100d3de9f88a72de2de6bb2254978c3ff0abe08becd1d0feedd4b1a403931b64d5b:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.15.3
EPSS0.01114
SSVC
10