CVE-2024-12801 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-12801 Interim 1 7 2025-11-01T02:38:49Z current 2024-12-22T00:59:47Z 2025-11-01T02:38:49Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-12801 Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2025-January/020093.html E-Mail link for SUSE-SU-2025:0072-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PPRBOLPRK5SRKJOONPEUDE3YZPUBLE23/ E-Mail link for openSUSE-SU-2025:14627-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.5 openSUSE Leap 15.6 openSUSE Tumbleweed logback logback-1.2.11-150200.3.10.1 logback-1.2.11-4.1 logback-access logback-access-1.2.11-150200.3.10.1 logback-access-1.2.11-4.1 logback-examples logback-examples-1.2.11-150200.3.10.1 logback-examples-1.2.11-4.1 logback-javadoc logback-javadoc-1.2.11-150200.3.10.1 logback-javadoc-1.2.11-4.1 logback-1.2.11-150200.3.10.1 as a component of openSUSE Leap 15.6 logback-access-1.2.11-150200.3.10.1 as a component of openSUSE Leap 15.6 logback-examples-1.2.11-150200.3.10.1 as a component of openSUSE Leap 15.6 logback-javadoc-1.2.11-150200.3.10.1 as a component of openSUSE Leap 15.6 logback-1.2.11-4.1 as a component of openSUSE Tumbleweed logback-access-1.2.11-4.1 as a component of openSUSE Tumbleweed logback-examples-1.2.11-4.1 as a component of openSUSE Tumbleweed logback-javadoc-1.2.11-4.1 as a component of openSUSE Tumbleweed logback as a component of openSUSE Leap 15.5 logback-access as a component of openSUSE Leap 15.5 logback-examples as a component of openSUSE Leap 15.5 logback-javadoc as a component of openSUSE Leap 15.5 Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files. CVE-2024-12801 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:logback-1.2.11-150200.3.10.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:logback-access-1.2.11-150200.3.10.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:logback-examples-1.2.11-150200.3.10.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:logback-javadoc-1.2.11-150200.3.10.1 openSUSE Leap 15.6:logback-1.2.11-150200.3.10.1 openSUSE Leap 15.6:logback-access-1.2.11-150200.3.10.1 openSUSE Leap 15.6:logback-examples-1.2.11-150200.3.10.1 openSUSE Leap 15.6:logback-javadoc-1.2.11-150200.3.10.1 openSUSE Tumbleweed:logback-1.2.11-4.1 openSUSE Tumbleweed:logback-access-1.2.11-4.1 openSUSE Tumbleweed:logback-examples-1.2.11-4.1 openSUSE Tumbleweed:logback-javadoc-1.2.11-4.1 moderate 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N