Medium severity5.4NVD Advisory· Published Apr 23, 2025· Updated Apr 15, 2026

CVE-2024-10306

Description

A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as Require ip IP_ADDRESS would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHBA-2025:2973nvd
access.redhat.com/errata/RHBA-2025:5309nvd
access.redhat.com/errata/RHSA-2025:9434nvd
access.redhat.com/errata/RHSA-2025:9466nvd
access.redhat.com/errata/RHSA-2025:9997nvd
access.redhat.com/security/cve/CVE-2024-10306nvd
bugzilla.redhat.com/show_bug.cginvd

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000