Fides is an open-source privacy engineering platform, and `SERVER_SIDE_FIDES_API_URL` is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. A vulnerability present starting in version 2.19.0 and prior to version 2.39.2rc0 allows an unauthenticated attacker to make a HTTP GET request from the Privacy Center that discloses the value of this server-side URL. This could result in disclosure of server-side configuration giving an attacker information on server-side ports, private IP addresses, and/or private domain names. The vulnerability has been patched in Fides version 2.39.2rc0. No known workarounds are available.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 04 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ethyca:fides:*:*:*:*:*:*:*:*

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-02T01:46:04.901Z

Reserved: 2024-03-29T14:16:31.902Z

Link: CVE-2024-31223

cve-icon Vulnrichment

Updated: 2024-07-22T16:42:40.407Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-03T18:15:05.097

Modified: 2025-09-04T14:07:17.867

Link: CVE-2024-31223

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.