GSA_kwCzR0hTQS1mN2g1LWM2MjUtMzc5Nc4ABKN2

High CVSS: 8.9 EPSS: 0.00051% (0.15667 Percentile) EPSS:

Permalink JSON

Eclipse GlassFish is vulnerable to Server Side Request Forgery attacks through specific endpoints

Affected Packages	Affected Versions	Fixed Versions
maven:org.glassfish.main.admingui:console-common	<= 6.2.5	No known fixed version
12 Dependent packages 10 Dependent repositories Affected Version Ranges All affected versions 5.1.0, 6.0.0, 6.1.0, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5

In Eclipse GlassFish version 6.2.5, it is possible to perform a Server Side Request Forgery attack using specific endpoints.

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-9408
https://gitlab.eclipse.org/security/cve-assignement/-/issues/38
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/239
https://github.com/advisories/GHSA-f7h5-c625-3795

Identifiers

GHSA-f7h5-c625-3795

CVE-2024-9408

Risk

Severity

High

CVSS

CVSS Score: 8.9

CVSS vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

EPSS

EPSS Percentage: 0.00051

EPSS Percentile: 0.15667

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

14 days ago

Updated

12 days ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories