Web Application Vulnerability in 2FAuth by Bubka
CVE-2024-52598
What is CVE-2024-52598?
The 2FAuth web application has a significant vulnerability in its image retrieval functionality that allows remote URI manipulation. In version 5.4.1, the endpoint at POST /api/v1/twofaccounts/preview can be exploited to make arbitrary GET requests to external URLs. The cause is inadequate filtering of URIs: the filter can be circumvented by appending #.svg to the URI. As a result, attackers can access internal and external URIs, undermining the application's security, particularly for text-based content. The release of version 5.4.1 addresses these interconnected vulnerabilities, reinforcing the integrity of the 2FA access management process.
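The `#.svg` bypass works against any filter that checks the extension on the raw string instead of on the parsed URI. The sketch below is an added example, not 2FAuth's code: the function names, the `.example` hostnames and the lookup table standing in for DNS are all constructed for illustration. It places a weak check of that kind beside a stricter validator that also refuses non-public destinations.

```python
import ipaddress
from urllib.parse import urlsplit

IMAGE_EXTS = (".svg", ".png", ".jpg", ".jpeg", ".webp", ".bmp")

# Constructed lookup table standing in for DNS so the example runs offline.
SAMPLE_DNS = {
    "cdn.example": ["93.184.216.34"],
    "intranet.example": ["10.0.0.5"],
}

def sample_resolve(host):
    """Hypothetical resolver: hostname -> list of IP address strings."""
    return SAMPLE_DNS.get(host, [])

def naive_is_image_uri(uri):
    # Weak check: looks at the tail of the raw string, so a fragment
    # such as "#.svg" is enough to satisfy it.
    return uri.lower().endswith(IMAGE_EXTS)

def strict_is_image_uri(uri, resolve=sample_resolve):
    try:
        parts = urlsplit(uri)
    except ValueError:  # malformed authority, e.g. an unbalanced IPv6 bracket
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    # A fragment is never sent to the server; reject it, and reject userinfo.
    if parts.fragment or "@" in parts.netloc:
        return False
    # The extension must be on the path, which the server does receive.
    if not parts.path.lower().endswith(IMAGE_EXTS):
        return False
    try:
        addrs = [str(ipaddress.ip_address(parts.hostname))]  # IP literal
    except ValueError:
        addrs = resolve(parts.hostname)                      # hostname
    # Every address must be publicly routable (no loopback, private, link-local).
    return bool(addrs) and all(ipaddress.ip_address(a).is_global for a in addrs)
```

A check like this only helps if the fetch then connects to the address that was validated and does not follow redirects without re-validating them; otherwise a second DNS answer or a redirect can reopen the same path.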

