Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published: 2024-04-10T13:59:46.536Z

Updated: 2024-08-01T20:12:07.447Z

Reserved: 2024-04-08T08:27:37.805Z

Link: CVE-2024-3448

cve-icon Vulnrichment

Updated: 2024-08-01T20:12:07.447Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-10T14:15:07.937

Modified: 2024-11-21T09:29:37.777

Link: CVE-2024-3448

cve-icon Redhat

No data.