Platform
other
Component
akana-api-platform
Fixed in
2022.1.1 (CVE-2024-2796 Patch)
2022.1.2 (CVE-2024-2796 Patch)
2024.1.0
2022.1.3.2
A server-side request forgery (SSRF) vulnerability has been identified in Akana API Platform versions prior to and including 2022.1.3. This flaw allows an attacker to manipulate the application into making requests to unintended internal or external resources, potentially leading to unauthorized access and data exposure. The vulnerability affects versions 0.0.0 through 2024.1.0, and a patch is available in version 2024.1.0.
The SSRF vulnerability in Akana API Platform allows an attacker to craft malicious requests that the server will execute on their behalf. This can be exploited to access internal services and resources that are not directly exposed to the internet, such as internal databases, configuration files, or administrative interfaces. An attacker could potentially read sensitive data, modify configurations, or even gain control of the underlying infrastructure. The impact is particularly severe if the API Platform is used to manage sensitive data or integrate with critical internal systems. Successful exploitation could lead to a complete compromise of the API Platform and potentially the entire network.
This vulnerability was reported by Jakob Antonsson. As of the current date, there are no publicly available proof-of-concept exploits. The vulnerability is not currently listed on the CISA KEV catalog. The public disclosure date is 2024-04-18, indicating a relatively recent discovery and potential for ongoing investigation and exploitation.
Organizations utilizing Akana API Platform for managing APIs, particularly those with sensitive data or integrations with internal systems, are at risk. Environments with older, unpatched versions of the platform (prior to 2022.1.3) are especially vulnerable.
disclosure
Exploit status
EPSS
0.29% (52nd percentile)
CVSS vector
The primary mitigation for CVE-2024-2796 is to upgrade to Akana API Platform version 2024.1.0 or later, which contains the fix. If upgrading immediately is not possible, consider implementing temporary workarounds such as restricting outbound network access from the API Platform to only necessary destinations. Implement strict input validation and sanitization to prevent attackers from manipulating the request URLs. Consider deploying a Web Application Firewall (WAF) with SSRF protection rules to filter malicious requests. Monitor API Platform logs for unusual outbound requests that may indicate exploitation attempts.
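The "strict input validation" workaround above is the one a platform operator can implement in code while waiting for the upgrade. The following is an added illustration (not Akana code) of an allowlist-based outbound URL check: it refuses non-HTTP schemes, embedded credentials, unexpected ports and hosts outside a hypothetical allowlist, and then resolves the host and rejects it if any answer is a loopback, private, link-local or otherwise non-public address. The allowlist and the resolver table are constructed sample values.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Hypothetical allowlist of hosts the platform is permitted to call.
ALLOWED_HOSTS = {"api.example.com", "partner.example.net"}
# Constructed resolver table for offline use; addresses are sample values,
# with one internal answer to show the "every address is checked" rule.
DEMO_DNS = {"api.example.com": ["93.184.216.34"],
            "partner.example.net": ["151.101.1.1", "10.0.0.5"]}


def live_resolver(host):
    """Every A/AAAA address the host currently maps to (network lookup)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def demo_resolver(host):
    """Offline stand-in for live_resolver backed by the constructed table."""
    return DEMO_DNS[host]


def check_outbound_url(url, allowed_hosts=ALLOWED_HOSTS, resolver=live_resolver):
    """Return None if the URL may be fetched, otherwise a rejection reason."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return "unparseable url or port"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        return "credentials in url"
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if not host:
        return "missing host"
    if port not in (None, 80, 443):
        return "port not allowed"
    if host not in allowed_hosts:  # exact-name allowlist; IP literals never match
        return "host not in allowlist"
    try:
        addresses = resolver(host)
    except (socket.gaierror, KeyError):
        return "resolution failed"
    # Refuse if any answer is loopback, private, link-local or otherwise non-public.
    for addr in addresses:
        if not ipaddress.ip_address(addr).is_global:
            return f"resolves to non-public address {addr}"
    return None
```

Run the check immediately before each outbound request, not only at configuration time, so a DNS record that changes after validation is still caught.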
Update Akana API Platform to version 2024.1.0 or later. If you cannot update immediately, apply the CVE-2024-2796 patch available for versions 2022.1.1 and 2022.1.2. See the vendor security advisory for detailed instructions.
CVE-2024-2796 is a critical server-side request forgery vulnerability in Akana API Platform versions 0.0.0–2024.1.0, allowing attackers to make requests to unintended resources.
If you are using Akana API Platform versions 0.0.0 through 2024.1.0, you are potentially affected by this SSRF vulnerability.
Upgrade to Akana API Platform version 2024.1.0 or later to resolve the vulnerability. Consider temporary workarounds if immediate upgrade is not possible.
As of the current date, there are no confirmed reports of active exploitation, but the vulnerability is publicly known and could be targeted.
Refer to the Akana API Platform security advisories for the most up-to-date information and official guidance regarding CVE-2024-2796.