CVE-2024-13029

4.3 MEDIUM

📋 TL;DR

This vulnerability allows an authenticated administrator to perform server-side request forgery (SSRF) against an Antabot White-Jotter deployment. The Edit Book handler behind /admin/content/book accepts a book cover URL and has the server fetch it without checking where it points, so an attacker with admin access can make the server issue requests to internal or external systems of their choosing. All White-Jotter versions up to and including 0.2.2 are affected.

💻 Affected Systems

Products:
  • Antabot White-Jotter
Versions: up to 0.2.2
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the /admin/content/book endpoint when editing book cover URLs. Requires admin access to exploit.

📦 What is this software?

White-Jotter (Antabot/White-Jotter) is an open-source CMS demo built on a Spring Boot backend with a Vue front end; the vulnerable cover-URL handling sits in the backend's admin book-editing code.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with an admin session could reach internal services that trust the server's network position (management interfaces, databases, and cloud instance metadata endpoints where the host runs in a cloud), pull data back from internal endpoints the server can reach, or use the server as a pivot for requests against other systems.

🟠

Likely Case

Information disclosure from internal services, port scanning of internal networks, or limited data exfiltration from accessible internal endpoints.

🟢

If Mitigated

Limited impact with proper network segmentation, egress filtering, and input validation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ❌ No (admin session required)
Complexity: LOW

Exploitation requires an authenticated administrator session, so the realistic threat is a compromised or malicious admin account. A public proof-of-concept demonstrates the SSRF by supplying an attacker-chosen book cover URL through the edit-book request.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: unknown

Vendor Advisory: none

Restart Required: No

Instructions:

No fixed release is known at the time of writing. If a version later than 0.2.2 that addresses this issue is published, upgrade to it; until then apply the workarounds below and treat admin accounts as the trust boundary.

🔧 Temporary Workarounds

Input Validation for URLs

all

Validate book cover URLs server-side before fetching them: accept only http/https, allowlist the hosts (and ports) the cover fetcher is permitted to contact, resolve the hostname and reject any address that is loopback, private (RFC 1918), link-local (including 169.254.169.254) or otherwise non-public, and do not follow redirects without re-running the same check on the redirect target. String or regex blocklists on the URL alone are bypassable (alternate IP encodings, DNS names that resolve internally), so check the resolved address, not the text.

Network Segmentation

all

Restrict outbound connections from the White-Jotter server to the destinations it actually needs (its database and any trusted image hosts), and explicitly deny traffic from it to loopback, RFC 1918 ranges, link-local space (including the cloud metadata address 169.254.169.254 where applicable) and internal management ports. Egress filtering limits what an SSRF can reach even before the application is fixed.

🧯 If You Can't Patch

  • Add web application firewall rules on the book cover URL parameter that reject non-http/https schemes and internal addresses; treat this as defense in depth only, since URL-pattern blocklists are bypassed by alternate IP encodings, redirects and DNS names that resolve to internal hosts
  • Restrict admin access to trusted source IP addresses and require strong authentication for admin accounts, since the vulnerability is only reachable with an admin session

🔍 How to Verify

Check if Vulnerable:

Check whether the deployed White-Jotter version is 0.2.2 or earlier. In a test environment, using an admin account, edit a book and set its cover URL to an address you control (a listener on an internal host or a loopback port on the server) and confirm whether the server issues the request.

Check Version:

Check the backend build file (pom.xml) or the front-end package.json of the deployed checkout, or the application configuration, for the version number

Verify Fix Applied:

Verify that book cover URL field only accepts validated URLs and cannot make requests to internal IPs or restricted domains.

📡 Detection & Monitoring

Log Indicators:

  • Outbound HTTP requests from the application server to destinations that are not part of its normal dependencies
  • Requests from the application to internal IP addresses, loopback, or link-local addresses
  • Repeated rejected cover URLs, once the validation workaround above is in place and logging its rejections

Network Indicators:

  • Outbound requests to unusual ports from application server
  • Requests to internal services from external-facing server

SIEM Query (pseudo-syntax; adapt field names to your platform):

source_ip = <application_server> AND (dest_ip IN <internal_ranges> OR dest_port NOT IN (80, 443))

This will also match legitimate egress such as database, DNS and NTP traffic, so baseline the server's normal destinations during a quiet period and exclude them before alerting on the remainder.
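The detection logic above applied to sample data, as an added example that is not part of the original page. The flow log lines, the application server address 10.20.0.15 and the known-good baseline (the database at 10.20.0.20:3306) are all constructed for the illustration; the format mimics a host-based flow export so loopback connections are visible.

```python
import ipaddress
import re

# Constructed host-based flow log for the application server 10.20.0.15 (not real data).
SAMPLE_FLOWS = """\
2024-12-30T10:00:01Z src=10.20.0.15 spt=51234 dst=10.20.0.20 dpt=3306 proto=tcp
2024-12-30T10:00:05Z src=10.20.0.15 spt=51240 dst=1.2.3.4 dpt=443 proto=tcp
2024-12-30T10:00:09Z src=10.20.0.15 spt=51241 dst=169.254.169.254 dpt=80 proto=tcp
2024-12-30T10:00:12Z src=10.20.0.15 spt=51242 dst=10.20.0.31 dpt=6379 proto=tcp
2024-12-30T10:00:15Z src=10.20.0.15 spt=51243 dst=127.0.0.1 dpt=8080 proto=tcp
2024-12-30T10:00:20Z src=10.20.0.40 spt=40000 dst=10.20.0.31 dpt=6379 proto=tcp
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) spt=\d+ dst=(?P<dst>\S+) dpt=(?P<dpt>\d+) proto=\S+$"
)

APP_SERVER = "10.20.0.15"   # hypothetical address of the White-Jotter host
WEB_PORTS = {80, 443}
# Baseline of legitimate internal egress (here only the database). Populate this
# from a quiet period before alerting, or every DB query becomes an alert.
KNOWN_GOOD = {("10.20.0.20", 3306)}


def is_internal(ip_text):
    """Loopback, RFC 1918 and link-local (including 169.254.169.254) count as internal."""
    ip = ipaddress.ip_address(ip_text)
    return ip.is_private or ip.is_loopback or ip.is_link_local


def flag_egress(flow_text, app_server=APP_SERVER, known_good=KNOWN_GOOD):
    """Return one alert dict per app-server flow matching the SIEM logic above."""
    alerts = []
    for line in flow_text.splitlines():
        match = FLOW_RE.match(line)
        if not match or match["src"] != app_server:
            continue  # malformed line or traffic from some other host
        dst, dpt = match["dst"], int(match["dpt"])
        if (dst, dpt) in known_good:
            continue  # baselined dependency
        reasons = []
        if is_internal(dst):
            reasons.append("internal destination")
        if dpt not in WEB_PORTS:
            reasons.append(f"non-web port {dpt}")
        if reasons:
            alerts.append({"ts": match["ts"], "dst": dst, "port": dpt,
                           "reason": ", ".join(reasons)})
    return alerts


def looks_like_scan(alerts, threshold=3):
    """Distinct internal targets hit; reaching the threshold suggests port/host probing."""
    targets = {(a["dst"], a["port"]) for a in alerts if "internal" in a["reason"]}
    return len(targets) >= threshold, sorted(targets)


if __name__ == "__main__":
    found = flag_egress(SAMPLE_FLOWS)
    for alert in found:
        print(alert)
    print("scan-like:", looks_like_scan(found))
```

The public 1.2.3.4:443 flow and the baselined database flow produce nothing; the metadata address, the internal Redis port and the loopback admin port each raise an alert, and three distinct internal targets in one window is the "port scanning of internal networks" pattern from the Likely Case above.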
