CVE-2024-2796 CRITICAL

CVE-2024-2796: SSRF in Akana API Platform

Vendor Akana
Product Akana API Platform
Weakness CWE-918 · SSRF
Published April 18, 2024
Last update September 17, 2024

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

What the vulnerability does

01Description

A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.

Key dates

02Disclosure timeline

April 18, 2024 CVE published
September 17, 2024 Record updated