CVE-2024-10524

Published Nov 19, 2024

Last updated 3 months ago

Overview

Description
Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.
Source: reefs@jfrog.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 3.7
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Severity: MEDIUM

Weaknesses

reefs@jfrog.com
CWE-918

Social media

Hype score
Not currently trending
  1. Top 5 Trending CVEs: 1 - CVE-2024-49019 2 - CVE-2024-11477 3 - CVE-2024-49040 4 - CVE-2024-47208 5 - CVE-2024-10524 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    30 Nov 2024

    74 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Wget vulnerability CVE-2024-10524 fixed: possible SSRF attacks via shorthand URLs https://t.co/rIBV3lnXwj #GNU #JFrog #OpenSource #SSRF #Vulnerability #wget

    @iototsecnews

    29 Nov 2024

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. A newly discovered flaw in #wget (#CVE-2024-10524) exposes systems to SSRF attacks, potentially enabling malicious actors to access private data. Find out how this vulnerability works and what steps to take to secure your environment. 👉 Learn more: https://t.co/OXKC4UNRhJ

    @jfrog

    22 Nov 2024

    217 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-10524 Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers ca… https://t.co/jKcEOs0IM3

    @CVEnew

    19 Nov 2024

    315 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 Critical 0-Day in GNU Wget Found: Our team uncovered #CVE-2024-10524, a vulnerability that enables phishing, #SSRF, and #MiTM attacks by exploiting Wget's shorthand URL handling. Patch it now with Wget 1.25.0! 👉 Learn more: https://t.co/g6l2Zbtdb5 https://t.co/jO1PKr3zLb

    @JFrogSecurity

    18 Nov 2024

    1664 Impressions

    5 Retweets

    5 Likes

    1 Bookmark

    0 Replies

    1 Quote