CVE-2024-52602

Опубликовано: 16 янв. 2025

Источник: nvd

CVSS3: 5

CVSS3: 5.3

EPSS Низкий

Описание

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrade. Restricting which hosts MMR is allowed to contact via (local) firewall rules or a transparent proxy and may provide a workaround for users unable to upgrade.

Ссылки

https://github.com/t2bot/matrix-media-repo/releases/tag/v1.3.8
Release Notes
https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-r6jg-jfv6-2fjv
Vendor Advisory
https://learn.snyk.io/lesson/ssrf-server-side-request-forgery
Technical Description
https://owasp.org/www-community/attacks/Server_Side_Request_Forgery
Technical Description
https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golang
Technical Description

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:t2bot:matrix-media-repo:*:*:*:*:*:*:*:*

Версия до 1.3.8 (исключая)

EPSS

Процентиль: 38%

0.00166

Низкий

5 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-r6jg-jfv6-2fjv

CVSS3: 5

github

около 1 года назад

Matrix Media Repo (MMR) allows Server-Side Request Forgery (SSRF) on redirects and federation

SUSE-SU-2025:0297-1

suse-cvrf

около 1 года назад

Security update for govulncheck-vulndb

EPSS

Процентиль: 38%

0.00166

Низкий

5 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-918