2333370 – (CVE-2024-12801) CVE-2024-12801 logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks

Bug 2333370 (CVE-2024-12801) - CVE-2024-12801 logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks

Summary: CVE-2024-12801 logback-core: SaxEventRecorder vulnerable to Server-Side Reque...

Keywords:
Status:	NEW
Alias:	CVE-2024-12801
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-12-19 17:01 UTC by OSIDB Bzimport
Modified:	2025-03-17 23:44 UTC (History)
CC List:	82 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-12-19 17:01:29 UTC

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to 
forge requests by compromising logback configuration files in XML.



The attacks involves the modification of DOCTYPE declaration in  XML configuration files.

Note You need to log in before you can comment on or make changes to this bug.

abrianik
adupliak
asoldano
ataylor
bbaranow
bmaxwell
boliveir
brian.stansberry
caswilli
ccranfor
cdewolf
chazlett
chfoley
cmiranda
csutherl
darran.lofthouse
dhanak
dkreling
dosoudil
drichtar
ecerquei
ehelms
fjuma
fmariani
ggainey
gmalinko
ibek
istudens
ivassile
iweiss
janstey
jcantril
jclere
jkoops
jpechane
jpoth
jrokos
jross
jscholz
juwatts
kaycoth
kholdawa
kverlaen
lcouzens
lgao
mhulan
mnovotny
mosmerov
mskarbek
msochure
msvehla
nmoumoul
nwallace
parichar
pcongius
pcreech
pdelbell
pdrozd
peholase
pesilva
pjindal
plodge
pmackay
pskopek
rchan
rguimara
rkieley
rmartinc
rojacob
rowaters
rstancel
rstepani
saroy
smaestri
smallamp
sthorger
swoodman
szappis
tasato
tcunning
tom.jenkinson
yfang