CVE-2024-4219 | THREATINT

Description

Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability.

Reserved 2024-04-25 | Published 2024-06-04 | Updated 2024-08-01 | Assigner BT

MEDIUM: 4.8CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L

Problem types

CWE-918 Server-Side Request Forgery (SSRF)

Product status

Default status

unaffected

Any version before 23.2

affected

Credits

Paolo Caminati finder

Daniele Montanaro finder

References

www.beyondtrust.com/trust-center/security-advisories/BT24-05

cve.org (CVE-2024-4219)

nvd.nist.gov (CVE-2024-4219)

Download JSON