Lucene search

HistoryApr 29, 2024 - 12:00 a.m.

NextChat < 2.11.3 SSRF

2024-04-2900:00:00

www.tenable.com

ssrf vulnerability

nextchat

binary data

scanner

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

18.3%

JSON

The remote host contains a torchserve version that is prior to 2.11.3. It is, therefore, affected by a Server Side Request Forgery vulnerability in the api/cors endpoint.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

Binary data nextchat_CVE-2023-49785.nbin

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49785

www.nessus.org/u?159059b0

www.nessus.org/u?c711dba2

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

18.3%

JSON

Related for NEXTCHAT_CVE-2023-49785.NBIN