Lucene search

MitreVULNRICHMENT:CVE-2024-30170

HistoryAug 06, 2024 - 12:00 a.m.

CVE-2024-30170

2024-08-0600:00:00

mitre

github.com

privx

data exfiltration

denial of service

vulnerability

rest api

fixed

minor versions

major version

AI Score

Confidence

High

EPSS

0.001

Percentile

42.2%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:privx:privx:*:*:*:*:*:*:*:*"
    ],
    "vendor": "privx",
    "product": "privx",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "34.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

info.ssh.com/improper-input-validation-faq

privx.docs.ssh.com/docs/security