CVE-2024-22217

A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://docs.terminalfour.com/articles/release-notes-highlights/	Vendor Advisory
https://docs.terminalfour.com/release-notes/security-notices/cve-2024-22217/	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:terminalfour:terminalfour:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-08-15 18:15

Updated : 2025-03-24 17:15

NVD link : CVE-2024-22217

Mitre link : CVE-2024-22217

CVE.ORG link : CVE-2024-22217

JSON object : View

Products Affected

terminalfour

terminalfour

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2024-22217", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-08-15T18:15:19.090", "references": [{"url": "https://docs.terminalfour.com/articles/release-notes-highlights/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://docs.terminalfour.com/release-notes/security-notices/cve-2024-22217/", "tags": ["Release Notes"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on."}, {"lang": "es", "value": " Una vulnerabilidad de Server-Side Request Forgery (SSRF) en Terminalfour anterior a 8.3.19 permite a los usuarios autenticados utilizar funciones espec\u00edficas para acceder a servicios internos, incluida informaci\u00f3n confidencial en el servidor en el que se ejecuta Terminalfour."}], "lastModified": "2025-03-24T17:15:15.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:terminalfour:terminalfour:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FEFBB62-F321-41DE-9209-56928DCEF596", "versionEndExcluding": "8.3.19"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}