CVE-2024-52588

{"id": "CVE-2024-52588", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-05-29T09:15:25.350", "references": [{"url": "https://github.com/strapi/strapi/security/advisories/GHSA-v8wj-f5c7-pvxf", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in a server side request forgery (SSRF). This issue has been patched in version 4.25.2."}, {"lang": "es", "value": "Strapi es un sistema de gesti\u00f3n de contenido de c\u00f3digo abierto. Antes de la versi\u00f3n 4.25.2, introducir un dominio local en el campo URL de Webhooks provocaba que la aplicaci\u00f3n se recuperara a s\u00ed misma, lo que resultaba en un server side request forgery (SSRF). Este problema se ha corregido en la versi\u00f3n 4.25.2."}], "lastModified": "2025-06-24T18:27:42.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "128D5142-48F9-4B17-8D63-AEE69B8D1F41", "versionEndExcluding": "4.25.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}