Vulnerabilities > CVE-2024-43379 - Server-Side Request Forgery (SSRF) vulnerability in Trufflesecurity Trufflehog

047910
CVSS 3.1 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
high complexity
trufflesecurity
CWE-918

Summary

TruffleHog is a secrets scanning tool. Prior to v3.81.9, this vulnerability allows a malicious actor to craft data in a way that, when scanned by specific detectors, could trigger the detector to make an unauthorized request to an endpoint chosen by the attacker. For an exploit to be effective, the target endpoint must be an unauthenticated GET endpoint that produces side effects. The victim must scan the maliciously crafted data and have such an endpoint targeted for the exploit to succeed. The vulnerability has been resolved in TruffleHog v3.81.9 and later versions.

Vulnerable Configurations

Part Description Count
Application
Trufflesecurity
235

Common Weakness Enumeration (CWE)