Server-Side Request Forgery Vulnerability in JPress by JPress Projects
CVE-2024-46468

Currently unrated

Key Information:

Vendor: JPress Projects
Status: JPress
Vendor: CVE Published:; 11 October 2024

Summary

A Server-Side Request Forgery (SSRF) vulnerability exists in the JPress platform, specifically in versions up to 5.1.1. This vulnerability allows an attacker to manipulate server requests to access sensitive internal resources. By exploiting this flaw, an attacker can potentially retrieve private information that should not be exposed, thereby leading to critical information disclosure risks. Organizations using affected versions should prioritize applying patches and mitigations to safeguard against this vulnerability.

References

https://github.com/JPressProjects/jpress/issues/190

https://gist.github.com/ilikeoyt/b396bbb9ef858105c46e9996...

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
Sep 11, 2024