exploitDog

CVE-2020-24881

Опубликовано: 02 нояб. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Критический

Описание

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.

Ссылки

http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html
Exploit
Third Party Advisory
VDB Entry
https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0
Exploit
Third Party Advisory
https://github.com/osTicket/osTicket/commit/d98c2d096aeb8876c6ab2f88317cd371d781f14d
Patch
Third Party Advisory
http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html
Exploit
Third Party Advisory
VDB Entry
https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0
Exploit
Third Party Advisory
https://github.com/osTicket/osTicket/commit/d98c2d096aeb8876c6ab2f88317cd371d781f14d
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*

Версия до 1.14.3 (исключая)

EPSS

Процентиль: 100%

0.91116

Критический

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-m4x8-8rrp-jpc6

github

больше 3 лет назад

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.

EPSS

Процентиль: 100%

0.91116

Критический

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-918