Server-Side Request Forgery Vulnerability in QOS.CH Logback
CVE-2024-12801
What is CVE-2024-12801?
CVE-2024-12801 is a critical Server-Side Request Forgery (SSRF) vulnerability in QOS.CH Logback version 1.5.12 on the Java platform. The flaw lets an attacker who can manipulate Logback's XML configuration files forge requests to unauthorized endpoints. The attack works by altering the DOCTYPE declaration within these XML files, and it could compromise sensitive data and systems that rely on Logback for logging. Users of affected versions are strongly advised to upgrade to the latest version to mitigate the risks associated with this vulnerability.
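
An added example, not code from this advisory or from the Logback project: a Python check that flags Logback XML configuration text whose DOCTYPE declaration carries an external identifier, the construct the description above names. The function name `audit_logback_config`, the regex heuristics and the sample configurations are assumptions constructed for illustration.

```python
import re

COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)
# Whole DOCTYPE declaration, including an optional [internal subset].
DOCTYPE = re.compile(r"<!DOCTYPE\b([^\[>]*(?:\[.*?\])?[^>]*)>", re.DOTALL)
# External identifiers: SYSTEM "uri"  or  PUBLIC "pubid" "uri".
SYSTEM_ID = re.compile(r"""\bSYSTEM\s+(["'])(.*?)\1""", re.DOTALL)
PUBLIC_ID = re.compile(r"""\bPUBLIC\s+(["']).*?\1\s+(["'])(.*?)\2""", re.DOTALL)
SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*:")

def audit_logback_config(xml_text):
    """Report any DOCTYPE and the external identifiers it references."""
    text = COMMENT.sub("", xml_text)  # ignore commented-out declarations
    match = DOCTYPE.search(text)
    if match is None:
        return {"has_doctype": False, "external_ids": [], "absolute_uris": []}
    decl = match.group(1)
    ids = [m[1] for m in SYSTEM_ID.findall(decl)]
    ids += [m[2] for m in PUBLIC_ID.findall(decl)]
    return {
        "has_doctype": True,
        "external_ids": ids,
        # Identifiers with a URI scheme can make the parser reach another host.
        "absolute_uris": [u for u in ids if SCHEME.match(u)],
    }

# Constructed sample configurations (not taken from any real deployment).
SAMPLES = {
    "clean": '<configuration><root level="INFO"/></configuration>',
    "remote_dtd": '<?xml version="1.0"?>\n'
                  '<!DOCTYPE configuration SYSTEM "http://dtd.example.invalid/logback.dtd">\n'
                  '<configuration/>',
    "relative_dtd": '<!DOCTYPE configuration SYSTEM "logback.dtd"><configuration/>',
    "commented": '<!-- <!DOCTYPE configuration SYSTEM "http://dtd.example.invalid/a.dtd"> -->'
                 '<configuration/>',
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        print(name, audit_logback_config(xml))
```

A finding only marks a configuration file for review; upgrading, as advised above, remains the fix.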

Affected Version(s)
logback Java 0 < 1.5.12
logback Java 1.5.13
