CVE-2024-0601 - Vulnerability Details - OpenCVE

A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\main\java\com\java3y\austin\support\utils\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250838 is the identifier assigned to this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zhongfucheng3y	Austin

Configuration 1 [-]

cpe:2.3:a:zhongfucheng3y:austin:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/biantaibao/Austin_SSRF/blob/main/SSRF.md
https://vuldb.com/?ctiid.250838
https://vuldb.com/?id.250838

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-01-16T21:31:03.842Z

Updated: 2024-08-01T18:11:35.634Z

Reserved: 2024-01-16T15:35:11.506Z

Link: CVE-2024-0601

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-16T22:15:37.800

Modified: 2024-11-21T08:46:58.667

Link: CVE-2024-0601

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0601", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-01-16T15:35:11.506Z", "datePublished": "2024-01-16T21:31:03.842Z", "dateUpdated": "2024-08-01T18:11:35.634Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-01-16T21:31:03.842Z"}, "title": "ZhongFuCheng3y Austin Email Message Template AustinFileUtils.java getRemoteUrl2File server-side request forgery", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-918", "lang": "en", "description": "CWE-918 Server-Side Request Forgery"}]}], "affected": [{"vendor": "ZhongFuCheng3y", "product": "Austin", "versions": [{"version": "1.0", "status": "affected"}], "modules": ["Email Message Template Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\\main\\java\\com\\java3y\\austin\\support\\utils\\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250838 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in ZhongFuCheng3y Austin 1.0 ausgemacht. Betroffen davon ist die Funktion getRemoteUrl2File der Datei src\\main\\java\\com\\java3y\\austin\\support\\utils\\AustinFileUtils.java der Komponente Email Message Template Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-01-16T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-01-16T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-01-16T16:40:23.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "biantaibao (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.250838", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.250838", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/biantaibao/Austin_SSRF/blob/main/SSRF.md", "tags": ["exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.634Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.250838", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.250838", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/biantaibao/Austin_SSRF/blob/main/SSRF.md", "tags": ["exploit", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zhongfucheng3y:austin:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1CF4B35B-AC48-4E91-9D46-001BFE70A187", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\\main\\java\\com\\java3y\\austin\\support\\utils\\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250838 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en ZhongFuCheng3y Austin 1.0. Ha sido calificada como cr\u00edtica. La funci\u00f3n getRemoteUrl2File del archivo src\\main\\java\\com\\java3y\\austin\\support\\utils\\AustinFileUtils.java del componente Email Message Template Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a server-side request forgery. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-250838 es el identificador asignado a esta vulnerabilidad."}], "id": "CVE-2024-0601", "lastModified": "2024-11-21T08:46:58.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-01-16T22:15:37.800", "references": [{"source": "[email protected]", "tags": ["Exploit"], "url": "https://github.com/biantaibao/Austin_SSRF/blob/main/SSRF.md"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.250838"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.250838"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/biantaibao/Austin_SSRF/blob/main/SSRF.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.250838"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.250838"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "[email protected]", "type": "Primary"}]}