How severe is CVE-2024-52579?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2024-52579?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2024-52579 - MEDIUM Severity | CVSS 6.4

Vulnerability Description

Misskey is an open source, federated social media platform. Some APIs using `HttpRequestService` do not properly check the target host. This vulnerability allows an attacker to send POST or GET requests to the internal server, which may result in a SSRF attack.It allows an attacker to send POST or GET requests (with some controllable URL parameters) to private IPs, enabling further attacks on internal servers. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2012-0334

MEDIUM

CVSS:6.4(Medium)

Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks

CWE-202012

CVE-2016-8764

MEDIUM

CVSS:6.4(Medium)

The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 an...

CWE-202016

CVE-2017-12223

MEDIUM

CVSS:6.4(Medium)

A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device ...

CWE-202017

CVE-2018-18558

MEDIUM

CVSS:6.4(Medium)

An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker t...

CWE-202018

CVE-2020-6020

MEDIUM

CVSS:6.4(Medium)

Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privi...

CWE-202020

CVE-2021-1482

MEDIUM

CVSS:6.4(Medium)

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive ...

CWE-202021