PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,
References
Link | Resource |
---|---|
https://info.ssh.com/improper-input-validation-faq | Exploit Vendor Advisory |
https://privx.docs.ssh.com/docs/security | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Aug 2024, 16:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*:* cpe:2.3:a:ssh:privx:33.0:*:*:*:*:*:*:* |
|
Summary |
|
|
First Time |
Ssh
Ssh privx |
|
References | () https://info.ssh.com/improper-input-validation-faq - Exploit, Vendor Advisory | |
References | () https://privx.docs.ssh.com/docs/security - Vendor Advisory | |
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
06 Aug 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-400 |
06 Aug 2024, 14:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-06 14:16
Updated : 2024-08-12 16:13
NVD link : CVE-2024-30170
Mitre link : CVE-2024-30170
CVE.ORG link : CVE-2024-30170
JSON object : View
Products Affected
ssh
- privx
CWE