CVE-2024-30170

PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*:*
cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*:*
cpe:2.3:a:ssh:privx:33.0:*:*:*:*:*:*:*

History

12 Aug 2024, 16:13

Type Values Removed Values Added
CWE NVD-CWE-noinfo
Summary
  • (es) PrivX anterior a 34.0 permite la filtración de datos y la denegación de servicio a través de la API REST. Esto se solucionó en las versiones menores 33.1, 32.3, 31.3 y posteriores, y en la versión principal 34.0 y posteriores.
First Time Ssh privx
Ssh
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 9.1
CPE cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*:*
cpe:2.3:a:ssh:privx:33.0:*:*:*:*:*:*:*
References () https://info.ssh.com/improper-input-validation-faq - () https://info.ssh.com/improper-input-validation-faq - Exploit, Vendor Advisory
References () https://privx.docs.ssh.com/docs/security - () https://privx.docs.ssh.com/docs/security - Vendor Advisory

06 Aug 2024, 16:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-400

06 Aug 2024, 14:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 14:16

Updated : 2024-08-12 16:13


NVD link : CVE-2024-30170

Mitre link : CVE-2024-30170

CVE.ORG link : CVE-2024-30170


JSON object : View

Products Affected

ssh

  • privx
CWE
NVD-CWE-noinfo CWE-400

Uncontrolled Resource Consumption