Server-Side Request Forgery Vulnerability in Antabot White-Jotter
CVE-2024-13029

5.3MEDIUM

Key Information:

Vendor
Antabot
Status
White-jotter
Vendor
CVE Published:
30 December 2024

Summary

A vulnerability has been identified in Antabot White-Jotter, specifically affecting the Edit Book Handler component within the application. The flaw occurs due to improper handling in the /admin/content/book file, enabling an attacker to conduct server-side request forgery (SSRF) attacks. Remote exploitation of this vulnerability is possible, allowing unauthorized access or manipulation of internal resources. The details of this exploit have been publicly disclosed, heightening the urgency for users to patch their systems against potential misuse.

Affected Version(s)

White-Jotter 0.2.0

White-Jotter 0.2.1

White-Jotter 0.2.2

References

https://vuldb.com/?id.289722
vdb-entry
https://vuldb.com/?ctiid.289722
signaturepermissions-required
https://vuldb.com/?submit.465942
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

Credit

vastzero (VulDB User)
.