exploitDog

CVE-2023-24060

Опубликовано: 27 янв. 2023

Источник: nvd

CVSS3: 5

EPSS Низкий

Описание

Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname (or even the hostname of the Haven server itself). NOTE: this product has significant usage but does not have numbered releases; ordinary end users may typically use the master branch.

Ссылки

https://github.com/havenweb/haven/issues/51
Exploit
Issue Tracking
Third Party Advisory
https://havenweb.org/
Product
Vendor Advisory
https://github.com/havenweb/haven/issues/51
Exploit
Issue Tracking
Third Party Advisory
https://havenweb.org/
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:havenweb:haven:5d15944:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00253

Низкий

5 Medium

CVSS3

Дефекты

CWE-918

CWE-918

Связанные уязвимости

GHSA-jmj5-q6wr-x9v2

CVSS3: 5

github

около 3 лет назад

Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname (or even the hostname of the Haven server itself). NOTE: this product has significant usage but does not have numbered releases; ordinary end users may typically use the master branch.

EPSS

Процентиль: 48%

0.00253

Низкий

5 Medium

CVSS3

Дефекты

CWE-918

CWE-918