Overview
- Description
- PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
- Severity
- CRITICAL
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-400
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5CF12CE6-5935-4A27-9358-F323902C9E7A",
"versionEndExcluding": "31.3",
"versionStartIncluding": "22.0"
},
{
"criteria": "cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D2806F5-9289-44BA-A0CF-0A22CE10E81C",
"versionEndExcluding": "32.3",
"versionStartIncluding": "32.0"
},
{
"criteria": "cpe:2.3:a:ssh:privx:33.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1328E664-F872-4F77-A8B9-AB9E32D790DC"
}
],
"operator": "OR"
}
]
}
]