CVE-2024-9408

Description

In Eclipse GlassFish version 6.2.5, it is possible to perform a Server Side Request Forgery attack using specific endpoints.

Affected packages (1)

• Maven/org.glassfish.main.admingui:console-commonfrom 0, <= 6.2.5

CVSS scores

References (4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-9408
• PATCHhttps://github.com/eclipse-ee4j/glassfish
• WEBhttps://gitlab.eclipse.org/security/cve-assignement/-/issues/38
• WEBhttps://gitlab.eclipse.org/security/vulnerability-reports/-/issues/239