Lucene search
PerforceVULNRICHMENT:CVE-2024-2796HistoryApr 18, 2024 - 3:04 p.m.
CVE-2024-2796 SSRF in Akana API Platform
2024-04-1815:04:56
CWE-918
Perforce
github.com
ssrf
akana api
vulnerability
2022.1.3
jakob antonsson
CVSS3
9.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
AI Score
7
Confidence
High
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:akana:akana_api_platform:*:*:*:*:*:*:*:*"
],
"vendor": "akana",
"product": "akana_api_platform",
"versions": [
{
"status": "affected",
"version": "2022.1.1",
"lessThan": "2022.1.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "2022.1.2",
"lessThan": "2022.1.2",
"versionType": "semver"
},
{
"status": "affected",
"version": "2022.1.3",
"lessThan": "2022.1.3",
"versionType": "semver"
},
{
"status": "affected",
"version": "0.0.0",
"lessThan": "2024.1.0",
"versionType": "semver"
}
],
"defaultStatus": "unknown"
}
]Related
cve
cve
CVE-2024-2796
2024-04-18 15:15:29
nvd
nvd
CVE-2024-2796
2024-04-18 15:15:29
cvelist
cvelist
CVE-2024-2796 SSRF in Akana API Platform
2024-04-18 15:04:56
CVSS3
9.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
AI Score
7
Confidence
High
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-2796