Lucene search

ApacheVULNRICHMENT:CVE-2024-36471

HistoryJun 10, 2024 - 9:55 p.m.

CVE-2024-36471 Apache Allura: sensitive information exposure via DNS rebinding

2024-06-1021:55:06

CWE-200

CWE-918

CWE-20

apache

github.com

cve-2024-36471

apache allura

sensitive information exposure

dns rebinding

vulnerability

import functionality

upgrade to version 1.17.0

disable_entry_points

config file.

AI Score

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them.

This issue affects Apache Allura from 1.0.1 through 1.16.0.

Users are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set “disable_entry_points.allura.importers = forge-tracker, forge-discussion” in your .ini config file.

CNA Affected

[
  {
    "vendor": "Apache Software Foundation",
    "product": "Apache Allura",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.1",
        "versionType": "semver",
        "lessThanOrEqual": "1.16.0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:apache:allura:1.0.1:*:*:*:*:*:*:*"
    ],
    "vendor": "apache",
    "product": "allura",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.1",
        "versionType": "custom",
        "lessThanOrEqual": "1.16.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

lists.apache.org/thread/g43164t4bcp0tjwt4opxyks4svm8kvbh