PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,
References
Link | Resource |
---|---|
https://info.ssh.com/improper-input-validation-faq | Exploit Vendor Advisory |
https://privx.docs.ssh.com/docs/security | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Aug 2024, 16:13
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
Summary |
|
|
First Time |
Ssh privx
Ssh |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
CPE | cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*:* cpe:2.3:a:ssh:privx:33.0:*:*:*:*:*:*:* |
|
References | () https://info.ssh.com/improper-input-validation-faq - Exploit, Vendor Advisory | |
References | () https://privx.docs.ssh.com/docs/security - Vendor Advisory |
06 Aug 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-400 |
06 Aug 2024, 14:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-06 14:16
Updated : 2024-08-12 16:13
NVD link : CVE-2024-30170
Mitre link : CVE-2024-30170
CVE.ORG link : CVE-2024-30170
JSON object : View
Products Affected
ssh
- privx
CWE