CVE-2024-22217

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

A

Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on.

References

Link	Resource
https://docs.terminalfour.com/articles/release-notes-highlights/	Vendor Advisory
https://docs.terminalfour.com/release-notes/security-notices/cve-2024-22217/	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:terminalfour:terminalfour:*:*:*:*:*:*:*:*

History

11 Sep 2024, 13:19

Type	Values Removed	Values Added
First Time		Terminalfour terminalfour Terminalfour
CWE		CWE-918
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
CPE		cpe:2.3:a:terminalfour:terminalfour::::::::
References	~~() https://docs.terminalfour.com/articles/release-notes-highlights/ -~~	() https://docs.terminalfour.com/articles/release-notes-highlights/ - Vendor Advisory
References	~~() https://docs.terminalfour.com/release-notes/security-notices/cve-2024-22217/ -~~	() https://docs.terminalfour.com/release-notes/security-notices/cve-2024-22217/ - Release Notes

19 Aug 2024, 13:00

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-15 18:15

Updated : 2025-03-24 17:15

NVD link : CVE-2024-22217

Mitre link : CVE-2024-22217

CVE.ORG link : CVE-2024-22217

JSON object : View

Products Affected

terminalfour

terminalfour

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2024-22217", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-08-15T18:15:19.090", "references": [{"url": "https://docs.terminalfour.com/articles/release-notes-highlights/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://docs.terminalfour.com/release-notes/security-notices/cve-2024-22217/", "tags": ["Release Notes"], "source": "[email protected]"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-918"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on."}, {"lang": "es", "value": " Una vulnerabilidad de Server-Side Request Forgery (SSRF) en Terminalfour anterior a 8.3.19 permite a los usuarios autenticados utilizar funciones espec\u00edficas para acceder a servicios internos, incluida informaci\u00f3n confidencial en el servidor en el que se ejecuta Terminalfour."}], "lastModified": "2025-03-24T17:15:15.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:terminalfour:terminalfour:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FEFBB62-F321-41DE-9209-56928DCEF596", "versionEndExcluding": "8.3.19"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}