CVE-2024-33832

Name of the Vulnerable Software and Affected Versions OneNav version 0.9.35-20240318

Description The issue is related to a Server-Side Request Forgery (SSRF) in the component "/index.php?c=api&method=get link info". This allows for potential unauthorized access to internal resources.

Recommendations For OneNav version 0.9.35-20240318, as a temporary workaround, consider disabling the "/index.php?c=api&method=get link info" component until a patch is available. Restrict access to this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.