Server-Side Request Forgery Vulnerability in Red Hat Satellite
CVE-2024-12840
What is CVE-2024-12840?
CVE-2024-12840 is a server-side request forgery (SSRF) vulnerability in Red Hat Satellite. The flaw is exposed through an HTTP PUT request to the /http_proxies/test_connection endpoint. By manipulating the http_proxies variable so that it resolves to localhost, an attacker can retrieve sensitive information, specifically the localhost banner. That information could facilitate further attacks, leading to unauthorized access and data breaches if the flaw is not promptly addressed. Users of affected versions of Red Hat Satellite are strongly advised to apply the recommended patches to mitigate this risk.
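A server-side guard against this class of flaw, as an added example (not Red Hat's patch and not Satellite code): before a connection test contacts a user-supplied proxy URL, resolve the host and refuse loopback, private and link-local destinations. The module name, the resolver hook and the sample hostnames are assumptions constructed for illustration.

```ruby
require 'uri'
require 'ipaddr'
require 'resolv'

# Added example, not Foreman/Satellite code. All names here are hypothetical.
module ProxyTargetGuard
  # Destinations a connection test should never reach on a user's behalf.
  BLOCKED = %w[
    0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
    169.254.0.0/16 ::1/128 ::/128 fc00::/7 fe80::/10
  ].map { |cidr| IPAddr.new(cidr) }.freeze

  DEFAULT_RESOLVER = ->(host) { Resolv.getaddresses(host) }

  # Returns [allowed, reason]. The resolver is injectable so the check
  # can be exercised offline with constructed DNS answers.
  def self.check(url, resolver: DEFAULT_RESOLVER)
    uri = URI.parse(url.to_s)
    return [false, 'scheme must be http or https'] unless %w[http https].include?(uri.scheme)
    host = uri.hostname # brackets around IPv6 literals are stripped
    return [false, 'missing host'] if host.nil? || host.empty?

    addrs = literal_ip?(host) ? [host] : resolver.call(host)
    return [false, 'host did not resolve'] if addrs.empty?

    addrs.each do |a|
      ip = IPAddr.new(a)
      ip = ip.native if ip.ipv4_mapped? # ::ffff:127.0.0.1 -> 127.0.0.1
      blocked = BLOCKED.any? { |net| net.family == ip.family && net.include?(ip) }
      return [false, "#{host} resolves to blocked address #{ip}"] if blocked
    end
    [true, 'ok']
  rescue URI::InvalidURIError, IPAddr::InvalidAddressError
    [false, 'unparseable URL or address']
  end

  def self.literal_ip?(host)
    IPAddr.new(host)
    true
  rescue IPAddr::InvalidAddressError
    false
  end
end

# Constructed DNS answers (sample data, not from the advisory).
SAMPLE_DNS = { 'proxy.example.test' => ['203.0.113.10'],
               'inner.example.test' => ['127.0.0.1'],
               'mapped.example.test' => ['::ffff:127.0.0.1'] }.freeze
SAMPLE_RESOLVER = ->(host) { SAMPLE_DNS.fetch(host, []) }
SAMPLE_DNS.each_key { |h| p ProxyTargetGuard.check("http://#{h}:3128", resolver: SAMPLE_RESOLVER) }
```

A production check should connect to the address it vetted rather than resolving the name a second time, so the answer cannot change between validation and use.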
