A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on.
References
| Link | Resource |
|---|---|
| https://docs.terminalfour.com/articles/release-notes-highlights/ | Vendor Advisory |
| https://docs.terminalfour.com/release-notes/security-notices/cve-2024-22217/ | Release Notes |
Configurations
History
11 Sep 2024, 13:19
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-918 | |
| CPE | cpe:2.3:a:terminalfour:terminalfour:*:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
| First Time |
Terminalfour
Terminalfour terminalfour |
|
| References | () https://docs.terminalfour.com/articles/release-notes-highlights/ - Vendor Advisory | |
| References | () https://docs.terminalfour.com/release-notes/security-notices/cve-2024-22217/ - Release Notes |
19 Aug 2024, 13:00
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
15 Aug 2024, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-08-15 18:15
Updated : 2024-09-11 13:19
NVD link : CVE-2024-22217
Mitre link : CVE-2024-22217
CVE.ORG link : CVE-2024-22217
JSON object : View
Products Affected
terminalfour
- terminalfour
CWE
CWE-918
Server-Side Request Forgery (SSRF)