Lucene search

Veracode Vulnerability DatabaseVERACODE:48492

HistoryAug 20, 2024 - 5:51 a.m.

Server-Side Request Forgery (SSRF)

2024-08-2005:51:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

trufflehog

vulnerability

data validation

unauthorized request

CVSS3

3.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

17.7%

JSON

TruffleHog is vulnerable to unauthorized request execution. The vulnerability is due to insufficient validation of the data being scanned by TruffleHog’s detectors, which allows maliciously crafted data to trigger unauthorized requests to attacker-chosen endpoints.

References

github.com/advisories/GHSA-3r74-v83p-f4f4

github.com/trufflesecurity/trufflehog/commit/fe5624c70923355128868cffd647b6e2cfe11443

github.com/trufflesecurity/trufflehog/security/advisories/GHSA-3r74-v83p-f4f4

CVSS3

3.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

17.7%

JSON

Related for VERACODE:48492