CVE-2024-30170

PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
mitreCNA
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
sshprivx
22.0 ≤
𝑥
< 31.3
sshprivx
32.0 ≤
𝑥
< 32.3
sshprivx
33.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://info.ssh.com/improper-input-validation-faq
https://privx.docs.ssh.com/docs/security