CVE-2024-30170

PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*:*
cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*:*
cpe:2.3:a:ssh:privx:33.0:*:*:*:*:*:*:*

History

12 Aug 2024, 16:13

Type Values Removed Values Added
Summary
  • (es) PrivX anterior a 34.0 permite la filtración de datos y la denegación de servicio a través de la API REST. Esto se solucionó en las versiones menores 33.1, 32.3, 31.3 y posteriores, y en la versión principal 34.0 y posteriores.
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 9.1
CPE cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*:*
cpe:2.3:a:ssh:privx:33.0:*:*:*:*:*:*:*
First Time Ssh
Ssh privx
References () https://info.ssh.com/improper-input-validation-faq - () https://info.ssh.com/improper-input-validation-faq - Exploit, Vendor Advisory
References () https://privx.docs.ssh.com/docs/security - () https://privx.docs.ssh.com/docs/security - Vendor Advisory

06 Aug 2024, 16:35

Type Values Removed Values Added
CWE CWE-400
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

06 Aug 2024, 14:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 14:16

Updated : 2024-08-12 16:13


NVD link : CVE-2024-30170

Mitre link : CVE-2024-30170

CVE.ORG link : CVE-2024-30170


JSON object : View

Products Affected

ssh

  • privx
CWE
NVD-CWE-noinfo CWE-400

Uncontrolled Resource Consumption