CVE-2024-22873

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-22873
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-22873.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-22873
Published
2024-02-26T16:27:56Z
Modified
2025-06-10T03:59:46.372027Z
Summary
[none]
Details

Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the event subscription function (/service/subscription.go). This vulnerability allows attackers to access internal requests via a crafted POST request.

References

Affected packages

Git / github.com/tencentblueking/bk-cmdb

Affected ranges

Type
GIT
Repo
https://github.com/tencentblueking/bk-cmdb
Events

Affected versions

release-v3.*

release-v3.2.2
release-v3.2.3
release-v3.2.4
release-v3.2.5
release-v3.2.6
release-v3.4.2
release-v3.4.3
release-v3.5.1
release-v3.5.10
release-v3.5.11
release-v3.5.12
release-v3.5.13
release-v3.5.14
release-v3.5.15
release-v3.5.16
release-v3.5.17
release-v3.5.18
release-v3.5.19
release-v3.5.2
release-v3.5.20
release-v3.5.21
release-v3.5.22
release-v3.5.23
release-v3.5.24
release-v3.5.25
release-v3.5.26
release-v3.5.27
release-v3.5.28
release-v3.5.3
release-v3.5.4
release-v3.5.5
release-v3.5.6
release-v3.5.7
release-v3.5.8
release-v3.5.9
release-v3.6.1
release-v3.6.2
release-v3.6.3
release-v3.6.4
release-v3.6.5
release-v3.7.1
release-v3.7.2
release-v3.7.3
release-v3.7.4
release-v3.7.5
release-v3.7.6
release-v3.7.7
release-v3.8.1
release-v3.8.10
release-v3.8.11
release-v3.8.12
release-v3.8.13
release-v3.8.14
release-v3.8.2
release-v3.8.3
release-v3.8.4
release-v3.8.5
release-v3.8.6
release-v3.8.7
release-v3.8.8
release-v3.8.9
release-v3.9.1
release-v3.9.10
release-v3.9.11
release-v3.9.12
release-v3.9.13
release-v3.9.14
release-v3.9.15
release-v3.9.16
release-v3.9.17
release-v3.9.18
release-v3.9.19
release-v3.9.2
release-v3.9.20
release-v3.9.21
release-v3.9.22
release-v3.9.23
release-v3.9.24
release-v3.9.25
release-v3.9.26
release-v3.9.27
release-v3.9.28
release-v3.9.29
release-v3.9.3
release-v3.9.30
release-v3.9.31
release-v3.9.32
release-v3.9.33
release-v3.9.34
release-v3.9.35
release-v3.9.36
release-v3.9.37
release-v3.9.38
release-v3.9.39
release-v3.9.4
release-v3.9.40
release-v3.9.41
release-v3.9.42
release-v3.9.43
release-v3.9.44
release-v3.9.45
release-v3.9.46
release-v3.9.47
release-v3.9.5
release-v3.9.6
release-v3.9.7
release-v3.9.8
release-v3.9.9