CVE-2024-34111

CWE-918Server-Side Request Forgery (SSRF)4 documents4 sources
Severity
8.8HIGH
EPSS
0.8%
top 26.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Magento Community-editionAdobe Adobe CommerceAdobe Commerce Webhooks+2 more
Timeline
PublishedJun 13

Description

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction..

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

CVEListV5adobe/adobe_commerce2.4.4-p8
NVDadobe/commerce_webhooks1.2.01.4.0
NVDadobe/commerce8 versions+7
NVDadobe/magento4 versions+3
Packagistmagento/community-edition2.4.6-p12.4.6-p6+2

🔴Vulnerability Details

3
OSV
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability2024-06-13
CVEList
SSRF in service connector2024-06-13
GHSA
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability2024-06-13
CVE-2024-34111 (HIGH CVSS 8.8) | Adobe Commerce versions 2.4.7 | cvebase.io