CVE-2024-0601 - OpenCVE

A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\main\java\com\java3y\austin\support\utils\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250838 is the identifier assigned to this vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Zhongfucheng3y	Austin

Configuration 1 [-]

cpe:2.3:a:zhongfucheng3y:austin:1.0:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/biantaibao/Austin_SSRF/blob/main/SSRF.md	Exploit
https://vuldb.com/?ctiid.250838	Third Party Advisory
https://vuldb.com/?id.250838	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2024-01-16T21:31:03.842Z

Updated: 2024-01-16T21:31:03.842Z

Reserved: 2024-01-16T15:35:11.506Z

Link: CVE-2024-0601

JSON object: View

NVD Information

Status : Modified

Published: 2024-01-16T22:15:37.800

Modified: 2024-05-17T02:34:48.877

Link: CVE-2024-0601

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-0601", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-01-16T15:35:11.506Z", "datePublished": "2024-01-16T21:31:03.842Z", "dateUpdated": "2024-01-16T21:31:03.842Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-01-16T21:31:03.842Z"}, "title": "ZhongFuCheng3y Austin Email Message Template AustinFileUtils.java getRemoteUrl2File server-side request forgery", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-918", "lang": "en", "description": "CWE-918 Server-Side Request Forgery"}]}], "affected": [{"vendor": "ZhongFuCheng3y", "product": "Austin", "versions": [{"version": "1.0", "status": "affected"}], "modules": ["Email Message Template Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\\main\\java\\com\\java3y\\austin\\support\\utils\\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250838 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in ZhongFuCheng3y Austin 1.0 ausgemacht. Betroffen davon ist die Funktion getRemoteUrl2File der Datei src\\main\\java\\com\\java3y\\austin\\support\\utils\\AustinFileUtils.java der Komponente Email Message Template Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-01-16T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-01-16T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-01-16T16:40:23.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "biantaibao (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.250838", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.250838", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/biantaibao/Austin_SSRF/blob/main/SSRF.md", "tags": ["exploit"]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zhongfucheng3y:austin:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1CF4B35B-AC48-4E91-9D46-001BFE70A187", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\\main\\java\\com\\java3y\\austin\\support\\utils\\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250838 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en ZhongFuCheng3y Austin 1.0. Ha sido calificada como cr\u00edtica. La funci\u00f3n getRemoteUrl2File del archivo src\\main\\java\\com\\java3y\\austin\\support\\utils\\AustinFileUtils.java del componente Email Message Template Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a server-side request forgery. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-250838 es el identificador asignado a esta vulnerabilidad."}], "id": "CVE-2024-0601", "lastModified": "2024-05-17T02:34:48.877", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-01-16T22:15:37.800", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/biantaibao/Austin_SSRF/blob/main/SSRF.md"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.250838"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.250838"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "cna@vuldb.com", "type": "Secondary"}]}