How severe is CVE-2024-23336?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5 out of 10.

What type of vulnerability is CVE-2024-23336?

This is classified as CWE-184, which is a common weakness in software security.

CVE-2024-23336

MEDIUM Year: 2024

CVSS v3 Score

5.0

Medium

Weakness Type

CWE-184

View all →

Vulnerability Description

MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the `127.0.0.0/8` block, which may result in a Server-Side Request Forgery (SSRF) vulnerability. The Configuration File's _Disallowed Remote Addresses_ list (`$config['disallowed_remote_addresses']`) contains the address `127.0.0.1`, but does not include the complete block `127.0.0.0/8`. MyBB 1.8.38 resolves this issue in default installations. Administrators of installed boards should update the existing configuration (`inc/config.php`) to include all addresses blocked by default. Additionally, users are advised to verify that it includes any other IPv4 addresses resolving to the server and other internal resources. Users unable to upgrade may manually add 127.0.0.0/8' to their disallowed address list.

CVE-2024-5178

MEDIUM

CVSS:4.9(Medium)

ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user ...

CWE-1842024

CVE-2021-25737

MEDIUM

CVSS:4.8(Medium)

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or l...

CWE-1842021

CVE-2021-1255

MEDIUM

CVSS:5.4(Medium)

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorizatio...

CWE-1842021

CVE-2024-28246

MEDIUM

CVSS:5.5(Medium)

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs ...

CWE-1842024

CVE-2016-6189

MEDIUM

CVSS:4.3(Medium)

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.

CWE-1842016

CVE-2017-2602

MEDIUM

CVSS:4.3(Medium)

jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written t...

CWE-1842017

CVE-2024-23336

Vulnerability Description

Related Vulnerabilities

CVE-2024-5178

CVE-2021-25737

CVE-2021-1255

CVE-2024-28246

CVE-2016-6189

CVE-2017-2602