Server side request forgery (ssrf)

2018-06-2616:29:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.2%

JSON

Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook component that can result in read or update internal resources. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed.

CPENameOperatorVersion
troveboxeq4.0.0 rc6
troveboxle3.0.0
troveboxeq4.0.0 rc5
troveboxeq4.0.0 rc2

Name	Operator	Version
trovebox	eq	4.0.0 rc6
trovebox	le	3.0.0
trovebox	eq	4.0.0 rc5
trovebox	eq	4.0.0 rc2

References

telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html