Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-30170

PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,

Published

2024-08-06T14:16:03.777

Last Modified

2024-08-12T16:13:53.803

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ssh	privx	< 31.3	Yes
Application	ssh	privx	< 32.3	Yes
Application	ssh	privx	33.0	Yes

References

https://info.ssh.com/improper-input-validation-faq Exploit, Vendor Advisory ([email protected])
https://privx.docs.ssh.com/docs/security Vendor Advisory ([email protected])