CVE-2024-36471 (GCVE-0-2024-36471)
Vulnerability from cvelistv5 – Published: 2024-06-10 21:55 – Updated: 2024-09-13 16:03
VLAI?
Title
Apache Allura: sensitive information exposure via DNS rebinding
Summary
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them.
This issue affects Apache Allura from 1.0.1 through 1.16.0.
Users are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in your .ini config file.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Allura |
Affected:
1.0.1 , ≤ 1.16.0
(semver)
|
Credits
truff https://x.com/truffzor
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:allura:1.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "allura",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "1.16.0",
"status": "affected",
"version": "1.0.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36471",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T17:34:29.289181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T17:34:55.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-13T16:03:21.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/g43164t4bcp0tjwt4opxyks4svm8kvbh"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/06/10/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Allura",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.16.0",
"status": "affected",
"version": "1.0.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "truff https://x.com/truffzor"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eImport functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.\u0026nbsp; Project administrators can run these imports, which could cause Allura to read from internal services and expose them.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue affects Apache Allura from 1.0.1 through 1.16.0.\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" in your .ini config file.\u003cbr\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.\u00a0 Project administrators can run these imports, which could cause Allura to read from internal services and expose them.\n\nThis issue affects Apache Allura from 1.0.1 through 1.16.0.\n\nUsers are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" in your .ini config file.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T21:55:06.170Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/g43164t4bcp0tjwt4opxyks4svm8kvbh"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Allura: sensitive information exposure via DNS rebinding",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-36471",
"datePublished": "2024-06-10T21:55:06.170Z",
"dateReserved": "2024-05-28T15:56:51.451Z",
"dateUpdated": "2024-09-13T16:03:21.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.\\u00a0 Project administrators can run these imports, which could cause Allura to read from internal services and expose them.\\n\\nThis issue affects Apache Allura from 1.0.1 through 1.16.0.\\n\\nUsers are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set \\\"disable_entry_points.allura.importers = forge-tracker, forge-discussion\\\" in your .ini config file.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"La funcionalidad de importaci\\u00f3n es vulnerable a ataques de revinculaci\\u00f3n de DNS entre la verificaci\\u00f3n y el procesamiento de la URL. Los administradores de proyectos pueden ejecutar estas importaciones, lo que podr\\u00eda hacer que Allura lea servicios internos y los exponga. Este problema afecta a Apache Allura desde la versi\\u00f3n 1.0.1 hasta la 1.16.0. Se recomienda a los usuarios actualizar a la versi\\u00f3n 1.17.0, que soluciona el problema. Si no puede actualizar, configure \\\"disable_entry_points.allura.importers = forge-tracker, forge-discussion\\\" en su archivo de configuraci\\u00f3n .ini.\"}]",
"id": "CVE-2024-36471",
"lastModified": "2024-11-21T09:22:14.553",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-06-10T22:15:11.893",
"references": "[{\"url\": \"https://lists.apache.org/thread/g43164t4bcp0tjwt4opxyks4svm8kvbh\", \"source\": \"security@apache.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/06/10/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread/g43164t4bcp0tjwt4opxyks4svm8kvbh\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}, {\"lang\": \"en\", \"value\": \"CWE-200\"}, {\"lang\": \"en\", \"value\": \"CWE-918\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-36471\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-06-10T22:15:11.893\",\"lastModified\":\"2025-07-15T16:36:48.790\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.\u00a0 Project administrators can run these imports, which could cause Allura to read from internal services and expose them.\\n\\nThis issue affects Apache Allura from 1.0.1 through 1.16.0.\\n\\nUsers are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set \\\"disable_entry_points.allura.importers = forge-tracker, forge-discussion\\\" in your .ini config file.\\n\\n\"},{\"lang\":\"es\",\"value\":\"La funcionalidad de importaci\u00f3n es vulnerable a ataques de revinculaci\u00f3n de DNS entre la verificaci\u00f3n y el procesamiento de la URL. Los administradores de proyectos pueden ejecutar estas importaciones, lo que podr\u00eda hacer que Allura lea servicios internos y los exponga. Este problema afecta a Apache Allura desde la versi\u00f3n 1.0.1 hasta la 1.16.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.17.0, que soluciona el problema. Si no puede actualizar, configure \\\"disable_entry_points.allura.importers = forge-tracker, forge-discussion\\\" en su archivo de configuraci\u00f3n .ini.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:allura:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.1\",\"versionEndExcluding\":\"1.17.0\",\"matchCriteriaId\":\"76E69316-1D72-4CBB-AA0C-100B63D70004\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/g43164t4bcp0tjwt4opxyks4svm8kvbh\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/06/10/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/g43164t4bcp0tjwt4opxyks4svm8kvbh\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/g43164t4bcp0tjwt4opxyks4svm8kvbh\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/06/10/1\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-09-13T16:03:21.981Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-36471\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-11T17:34:29.289181Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:allura:1.0.1:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"allura\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.16.0\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-11T17:33:35.549Z\"}}], \"cna\": {\"title\": \"Apache Allura: sensitive information exposure via DNS rebinding\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"truff https://x.com/truffzor\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Allura\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.16.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/g43164t4bcp0tjwt4opxyks4svm8kvbh\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.\\u00a0 Project administrators can run these imports, which could cause Allura to read from internal services and expose them.\\n\\nThis issue affects Apache Allura from 1.0.1 through 1.16.0.\\n\\nUsers are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set \\\"disable_entry_points.allura.importers = forge-tracker, forge-discussion\\\" in your .ini config file.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003eImport functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.\u0026nbsp; Project administrators can run these imports, which could cause Allura to read from internal services and expose them.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue affects Apache Allura from 1.0.1 through 1.16.0.\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set \\\"disable_entry_points.allura.importers = forge-tracker, forge-discussion\\\" in your .ini config file.\u003cbr\u003e\u003c/p\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-06-10T21:55:06.170Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-36471\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-13T16:03:21.981Z\", \"dateReserved\": \"2024-05-28T15:56:51.451Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-06-10T21:55:06.170Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…