Ruijie Reyee OS versions 2.206.x up to but not including...
Critical severity
Unreviewed
Published
Dec 6, 2024
to the GitHub Advisory Database
•
Updated Dec 6, 2024
Description
Published by the National Vulnerability Database
Dec 6, 2024
Published to the GitHub Advisory Database
Dec 6, 2024
Last updated
Dec 6, 2024
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.
References