CVE-2024-31229 - Vulnerability Details - OpenCVE

Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL.This issue affects Really Simple SSL: from n/a through 7.2.3.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00149.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Really-simple-plugins	Complianz

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-29125	Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL.This issue affects Really Simple SSL: from n/a through 7.2.3.

Fixes

Solution

Update to 8.0.0 or a higher version.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://patchstack.com/database/vulnerability/really-simple-ssl/wordpress-really-simple-ssl-plugin-7-2-3-server-side-request-forgery-ssrf-vulnerability?_s_id=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-04-18T10:28:28.168Z

Updated: 2024-08-02T01:46:04.959Z

Reserved: 2024-03-29T16:01:36.329Z

Link: CVE-2024-31229

Vulnrichment

Updated: 2024-04-23T15:09:55.347Z

NVD

Status : Awaiting Analysis

Published: 2024-04-18T11:15:37.513

Modified: 2024-11-21T09:13:05.090

Link: CVE-2024-31229

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31229", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-03-29T16:01:36.329Z", "datePublished": "2024-04-18T10:28:28.168Z", "dateUpdated": "2024-08-02T01:46:04.959Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "really-simple-ssl", "product": "Really Simple SSL", "vendor": "Really Simple Plugins", "versions": [{"changes": [{"at": "8.0.0", "status": "unaffected"}], "lessThanOrEqual": "7.2.3", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ananda Dhakal (Patchstack)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL.<p>This issue affects Really Simple SSL: from n/a through 7.2.3.</p>"}], "value": "Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL.This issue affects Really Simple SSL: from n/a through 7.2.3.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-04-18T10:28:28.168Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/really-simple-ssl/wordpress-really-simple-ssl-plugin-7-2-3-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 8.0.0 or a higher version."}], "value": "Update to 8.0.0 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Really Simple SSL plugin <= 7.2.3 - Server Side Request Forgery (SSRF) vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-31229", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-23T15:08:58.847581Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:really-simple-plugins:complianz:-:*:*:*:*:wordpress:*:*"], "vendor": "really-simple-plugins", "product": "complianz", "versions": [{"status": "affected", "version": "-"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:37:20.022Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:46:04.959Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/really-simple-ssl/wordpress-really-simple-ssl-plugin-7-2-3-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31229", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-03-29T16:01:36.329Z", "datePublished": "2024-04-18T10:28:28.168Z", "dateUpdated": "2024-06-04T17:37:20.022Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "really-simple-ssl", "product": "Really Simple SSL", "vendor": "Really Simple Plugins", "versions": [{"changes": [{"at": "8.0.0", "status": "unaffected"}], "lessThanOrEqual": "7.2.3", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ananda Dhakal (Patchstack)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL.<p>This issue affects Really Simple SSL: from n/a through 7.2.3.</p>"}], "value": "Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL.This issue affects Really Simple SSL: from n/a through 7.2.3.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-04-18T10:28:28.168Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/really-simple-ssl/wordpress-really-simple-ssl-plugin-7-2-3-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 8.0.0 or a higher version."}], "value": "Update to 8.0.0 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Really Simple SSL plugin <= 7.2.3 - Server Side Request Forgery (SSRF) vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-31229", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-23T15:08:58.847581Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:really-simple-plugins:complianz:-:*:*:*:*:wordpress:*:*"], "vendor": "really-simple-plugins", "product": "complianz", "versions": [{"status": "affected", "version": "-"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-23T15:09:55.347Z"}, "title": "CISA ADP Vulnrichment"}]}}