Vulnerability Description
Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). This vulnerability allows attackers to access internal requests via a crafted POST request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tencent | Blueking Configuration Management Database | >= 3.2.2, <= 3.9.47 |
Related Weaknesses (CWE)
References
- http://blueking.comProduct
- http://tencent.comProduct
- https://gist.github.com/exp1orer/0f190c6a64b668a9b1c4c47789affa09Third Party Advisory
- https://sphenoid-enquiry-9be.notion.site/BK-CMDB-SSRF-ba21e94f4976460188fa52d26cExploit
- http://blueking.comProduct
- http://tencent.comProduct
- https://gist.github.com/exp1orer/0f190c6a64b668a9b1c4c47789affa09Third Party Advisory
- https://sphenoid-enquiry-9be.notion.site/BK-CMDB-SSRF-ba21e94f4976460188fa52d26cExploit
FAQ
What is CVE-2024-22873?
CVE-2024-22873 is a vulnerability with a CVSS score of 8.1 (HIGH). Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). This vulnerability allows attacker...
How severe is CVE-2024-22873?
CVE-2024-22873 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-22873?
Check the references section above for vendor advisories and patch information. Affected products include: Tencent Blueking Configuration Management Database.