CVE-2024-52598

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 20, 2024

Updated: Nov 21, 2024

CWE ID 918

CWE ID 79

CWE ID 80

Summary

CVE-2024-52598 is a vulnerability affecting the 2FAuth web application in version 5.4.1. Two interconnected issues exist: a SSRF (Server-Side Request Forgery) and a URI validation bypass. The SSRF issue allows an attacker to force the application to make a GET request to a remote URI, while the URI validation bypass enables bypassing the filtering for image extensions. An attacker can exploit these vulnerabilities to retrieve text-based URIs accessible from the application, potentially gaining unauthorized access to sensitive information. Version 5.4.1 resolves these issues by fixing the underlying vulnerabilities.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database