Lucene search
HistoryFeb 26, 2024 - 4:27 p.m.
CVE-2024-0440
attacker exploitation
link submission
post request
introspection
file protocol
local file access
cve-2024-0440
CVSS3
9.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
AI Score
9.3
Confidence
High
EPSS
0
Percentile
9.0%
Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files.
Related
prion
prion
Design/Logic Flaw
2024-02-26 16:27:00
cvelist
cvelist
CVE-2024-0440 SSRF - file:// unsanitized access to underlying host files
2024-02-25 19:00:42
osv
osv
CVE-2024-0440
2024-02-26 16:27:50
vulnrichment
vulnrichment
CVE-2024-0440 SSRF - file:// unsanitized access to underlying host files
2024-02-25 19:00:42
cve
cve
CVE-2024-0440
2024-02-26 16:27:50
CVSS3
9.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
AI Score
9.3
Confidence
High
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2024-0440