CVE-2024-30170

EUVD-2024-28106
PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
sshprivx
22.0 ≤
𝑥
< 31.3
sshprivx
32.0 ≤
𝑥
< 32.3
sshprivx
33.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
privxprivx
𝑥
< 34.0
ADP
Common Weakness Enumeration
References
https://info.ssh.com/improper-input-validation-faq
https://privx.docs.ssh.com/docs/security