Server-Side Request Forgery Vulnerability in JPress by JPress Projects
CVE-2024-46468

7.5HIGH

Key Information:

Vendor: JPress Projects
Status: JPress
Vendor: CVE Published:; 11 October 2024

🔔 Create JPress Projects Vulnerability Alert

What is CVE-2024-46468?

A Server-Side Request Forgery (SSRF) vulnerability exists in the JPress platform, specifically in versions up to 5.1.1. This vulnerability allows an attacker to manipulate server requests to access sensitive internal resources. By exploiting this flaw, an attacker can potentially retrieve private information that should not be exposed, thereby leading to critical information disclosure risks. Organizations using affected versions should prioritize applying patches and mitigations to safeguard against this vulnerability.

References

https://github.com/JPressProjects/jpress/issues/190

https://gist.github.com/ilikeoyt/b396bbb9ef858105c46e9996...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
Sep 11, 2024

CVE-2024-46468 Data

JSON