Описание
Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.
Ссылки
- ExploitPatchThird Party Advisory
- ExploitThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:discourse:discourse:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.6.0:-:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00188
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-918
Связанные уязвимости
github
больше 3 лет назад
Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.
EPSS
Процентиль: 41%
0.00188
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-918