CVE-2024-1884
Published: 14 March 2024
Summary
CVE-2024-1884 is a medium-severity SSRF (CWE-918) vulnerability in PaperCut MF. Its CVSS base score is 6.5 (Medium).
Operationally, it ranks in the top 7.1% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.
Deeper analysis
This CVE describes a server-side request forgery (SSRF) flaw, tracked as CWE-918, in the PaperCut NG/MF server-side module. The vulnerability permits an unauthenticated remote attacker to cause the application to issue HTTP requests to arbitrary attacker-chosen domains, carrying a CVSS 3.1 score of 6.5.
An attacker with network access can exploit the issue without credentials or user interaction, achieving limited disclosure of internal resources and limited ability to interact with internal or external systems reachable by the PaperCut server.
PaperCut’s March 2024 security bulletin provides official guidance and remediation steps for affected customers.
EPSS for the CVE rose from a low baseline to a peak of 0.4038 on 2025-12-11 before receding, indicating a clear post-disclosure increase in exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-17609
Vulnerability details
This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.
- CWE(s): CWE-918 (Server-Side Request Forgery)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Penetration testing: attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation.
- Boundary filtering: outbound connections to external resources can be monitored and limited at the network boundary, reducing SSRF impact.
- Input validation: validates server-side URLs and resource references before the server fetches them, blocking SSRF attempts.
- Network monitoring: detects server-side request forgery through monitoring of unexpected outbound connections from the application server.
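The "input validation" control above is the one an application team can implement directly. The following is an added example of an outbound URL check of the kind that control describes; it is not PaperCut's code and does not reflect how the vendor fixed this CVE. The allow-list, the stub DNS table and the sample URLs are constructed for the demonstration; the check is ordered so that scheme, embedded credentials and the host allow-list are tested first, and every address the host resolves to is then checked against loopback, private, link-local and other non-routable ranges, so a DNS answer mixing a public and an internal address is still rejected.

```python
"""Outbound URL validation against SSRF (added example, not PaperCut's code).

The allow-list, the stub DNS table and the sample URLs below are constructed
for this demonstration.
"""
import ipaddress
import socket
from urllib.parse import urlparse

# Hypothetical allow-list of hosts the server is permitted to contact.
ALLOWED_HOSTS = {"updates.example.com", "license.example.com"}
ALLOWED_SCHEMES = {"http", "https"}


def _default_resolver(host):
    """Resolve a hostname to every address it maps to (A and AAAA)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_blocked_address(addr):
    """True for addresses an application server should never be induced to
    reach: loopback, RFC 1918 / ULA private, link-local (which includes the
    169.254.169.254 cloud metadata address), multicast, reserved, unspecified."""
    ip = ipaddress.ip_address(addr)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_outbound_url(url, allowed_hosts=ALLOWED_HOSTS, resolver=_default_resolver):
    """Return (ok, reason) for a URL the server is about to fetch.

    Order matters: parse, reject unexpected schemes and embedded credentials,
    require the host to be on the allow-list, then resolve the host and check
    *every* returned address, not just the first one."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parsed.scheme!r}"
    host = parsed.hostname  # urlparse lowercases it and strips brackets from IPv6
    if not host:
        return False, "missing host"
    if parsed.username or parsed.password:
        return False, "credentials in URL"  # the user@host form hides the real host
    if host not in allowed_hosts:
        return False, f"host not on allow-list: {host!r}"
    try:
        addrs = resolver(host)
    except (socket.gaierror, OSError) as exc:
        return False, f"resolution failed: {exc}"
    for addr in addrs:
        if is_blocked_address(addr):
            return False, f"{host} resolves to blocked address {addr}"
    return True, "ok"


# Constructed DNS table so the example runs offline; license.example.com
# deliberately resolves to one public and one internal address.
STUB_DNS = {
    "updates.example.com": {"93.184.216.34"},
    "license.example.com": {"93.184.216.34", "10.0.0.5"},
}


def stub_resolver(host):
    """Offline stand-in for _default_resolver using the constructed table."""
    if host not in STUB_DNS:
        raise socket.gaierror(f"stub: no record for {host}")
    return STUB_DNS[host]


SAMPLE_URLS = [
    "https://updates.example.com/feed",            # allowed host, public address
    "https://license.example.com/check",           # allowed host, but resolves internally
    "http://169.254.169.254/latest/meta-data/",    # literal non-routable address
    "http://updates.example.com@10.0.0.1/",        # credential trick, real host is 10.0.0.1
    "file:///etc/passwd",                          # non-HTTP scheme
]


def run_demo():
    """Evaluate the constructed sample URLs; returns {url: (ok, reason)}."""
    return {u: check_outbound_url(u, resolver=stub_resolver) for u in SAMPLE_URLS}


if __name__ == "__main__":
    for url, (ok, reason) in run_demo().items():
        print(f"{'ALLOW' if ok else 'BLOCK':5} {url}  ({reason})")
```

In a real deployment the address that passed the check must also be the one actually connected to (pin the resolved address or resolve once inside the HTTP client), and redirects returned by the remote host need the same validation, otherwise the check can be bypassed after it has run.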