Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: NCSC.ch
Published: 2024-04-10T13:59:46.536Z
Updated: 2024-08-01T20:12:07.447Z
Reserved: 2024-04-08T08:27:37.805Z
Link: CVE-2024-3448
Vulnrichment
Updated: 2024-08-01T20:12:07.447Z
NVD
Status : Awaiting Analysis
Published: 2024-04-10T14:15:07.937
Modified: 2024-11-21T09:29:37.777
Link: CVE-2024-3448
Redhat
No data.