- Description
- Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.
- Source
- reefs@jfrog.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 3.7
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
- Severity
- MEDIUM
- reefs@jfrog.com
- CWE-918
- Hype score
- Not currently trending
Top 5 Trending CVEs: 1 - CVE-2024-49019 2 - CVE-2024-11477 3 - CVE-2024-49040 4 - CVE-2024-47208 5 - CVE-2024-10524 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
30 Nov 2024
74 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Wget の脆弱性 CVE-2024-10524 が FIX:短縮 URL による SSRF 攻撃の可能性 https://t.co/rIBV3lnXwj #GNU #JFrog #OpenSource #SSRF #Vulnerability #wget
@iototsecnews
29 Nov 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A newly discovered flaw in #wget (#CVE-2024-10524) exposes systems to SSRF attacks, potentially enabling malicious actors to access private data. Find out how this vulnerability works and what steps to take to secure your environment. 👉 Learn more: https://t.co/OXKC4UNRhJ
@jfrog
22 Nov 2024
217 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10524 Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers ca… https://t.co/jKcEOs0IM3
@CVEnew
19 Nov 2024
315 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical 0-Day in GNU Wget Found: Our team uncovered #CVE-2024-10524, a vulnerability that enables phishing, #SSRF, and #MiTM attacks by exploiting Wget's shorthand URL handling. Patch it now with Wget 1.25.0! 👉 Learn more: https://t.co/g6l2Zbtdb5 https://t.co/jO1PKr3zLb
@JFrogSecurity
18 Nov 2024
1664 Impressions
5 Retweets
5 Likes
1 Bookmark
0 Replies
1 Quote