{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36471", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2024-05-28T15:56:51.451Z", "datePublished": "2024-06-10T21:55:06.170Z", "dateUpdated": "2024-06-11T17:34:55.238Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Allura", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "1.16.0", "status": "affected", "version": "1.0.1", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "truff https://x.com/truffzor"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.&nbsp; Project administrators can run these imports, which could cause Allura to read from internal services and expose them.<br></div><div><br></div><div>This issue affects Apache Allura from 1.0.1 through 1.16.0.</div><p></p><p>Users are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" in your .ini config file.<br></p><br>"}], "value": "Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.\u00a0 Project administrators can run these imports, which could cause Allura to read from internal services and expose them.\n\nThis issue affects Apache Allura from 1.0.1 through 1.16.0.\n\nUsers are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" in your .ini config file.\n\n"}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-06-10T21:55:06.170Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/g43164t4bcp0tjwt4opxyks4svm8kvbh"}], "source": {"discovery": "EXTERNAL"}, "title": "Apache Allura: sensitive information exposure via DNS rebinding", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "apache", "product": "allura", "cpes": ["cpe:2.3:a:apache:allura:1.0.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0.1", "status": "affected", "lessThanOrEqual": "1.16.0", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T17:34:29.289181Z", "id": "CVE-2024-36471", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T17:34:55.238Z"}}]}}

{"descriptions": [{"lang": "en", "value": "Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.\u00a0 Project administrators can run these imports, which could cause Allura to read from internal services and expose them.\n\nThis issue affects Apache Allura from 1.0.1 through 1.16.0.\n\nUsers are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" in your .ini config file.\n\n"}, {"lang": "es", "value": "La funcionalidad de importaci\u00f3n es vulnerable a ataques de revinculaci\u00f3n de DNS entre la verificaci\u00f3n y el procesamiento de la URL. Los administradores de proyectos pueden ejecutar estas importaciones, lo que podr\u00eda hacer que Allura lea servicios internos y los exponga. Este problema afecta a Apache Allura desde la versi\u00f3n 1.0.1 hasta la 1.16.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.17.0, que soluciona el problema. Si no puede actualizar, configure \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" en su archivo de configuraci\u00f3n .ini."}], "id": "CVE-2024-36471", "lastModified": "2024-06-11T13:54:12.057", "metrics": {}, "published": "2024-06-10T22:15:11.893", "references": [{"source": "security@apache.org", "url": "https://lists.apache.org/thread/g43164t4bcp0tjwt4opxyks4svm8kvbh"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-918"}], "source": "security@apache.org", "type": "Primary"}]}

{}