Cyber Resilience

CVE-2024-4399

CriticalPublic PoC

Published: 23 May 2024

Published
23 May 2024
Modified
30 June 2025
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.2505 96.3th percentile
Risk Priority 33 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-4399 is a critical-severity SSRF (CWE-918) vulnerability in Apereo Central Authentication Service. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Service Discovery (T1046); ranked in the top 3.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2024-4399 is a server-side request forgery vulnerability (CWE-918) caused by missing validation of a parameter before the software issues a request to the supplied value. The flaw carries a CVSS 3.1 score of 9.1 and affects the component referenced in the associated WPScan entry published on 23 May 2024.

Unauthenticated attackers with network access can supply an arbitrary URL and force the affected software to make an outbound request, resulting in high impact to confidentiality and integrity without any user interaction or privileges.

The linked WPScan advisories describe the issue and are the primary public sources of technical detail and remediation guidance for the vulnerability.

EPSS for the CVE reached a peak of 0.3006 and currently stands at 0.2505, indicating sustained moderate exploitation interest after disclosure.

EU & UK References

Vulnerability details

The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1046 Network Service Discovery Discovery
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated SSRF in public-facing WordPress theme enables exploitation of the application (T1190) and internal network service discovery by forcing server requests to arbitrary internal endpoints like localhost ports (T1046).

Affected Assets

apereo
central authentication service
all versions

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-918

Penetration testing attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation.

addresses: CWE-918

Outbound connections to external resources can be monitored and limited at the boundary, reducing SSRF impact.

addresses: CWE-918

Validates server-side URLs and resource references to block SSRF attempts.

addresses: CWE-918

Detects server-side request forgery through monitoring of unexpected outbound connections.

References