Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-22243
HistoryFeb 23, 2024 - 12:00 a.m.

CVE-2024-22243

2024-02-2300:00:00
ubuntu.com
ubuntu.com
39
cve-2024-22243
uricomponentsbuilder
url parsing
validation
open redirect
ssrf
unix

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Applications that use UriComponentsBuilder to parse an externally provided
URL (e.g. through a query parameter) AND perform validation checks on the
host of the parsed URL may be vulnerable to a open redirect
https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack
if the URL is used after passing validation checks.

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%