Lucene search
K

4 matches found

Circl
Circl
added 2023/12/22 6:23 p.m.7 views

CVE-2023-50259

creationtimestamp| type| source ---|---|--- 2023-12-22 18:23:33+00:00| seen| https://t.me/ctinow/158520 2024-01-03 23:17:15+00:00| seen| https://t.me/ctinow/162652 2024-01-18 10:41:34+00:00| seen| https://t.me/ctinow/169657...

5.3CVSS6AI score0.00602EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/12/22 5:0 p.m.13 views

CVE-2023-50259 Blind SSRF in /home/testslack endpoint

Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery SSRF. The testslack request handler in medusa/server/web/home/handler.py does not validate the user-controlled slackwebhook variable and passes i...

5.3CVSS7.3AI score0.00602EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/12/22 5:0 p.m.26 views

CVE-2023-50259 Blind SSRF in /home/testslack endpoint

Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery SSRF. The testslack request handler in medusa/server/web/home/handler.py does not validate the user-controlled slackwebhook variable and passes i...

5.3CVSS5.7AI score0.00602EPSS
Exploits1References5
CVE
CVE
added 2023/12/22 5:0 p.m.35 views

CVE-2023-50259

CVE-2023-50259 affects Medusa prior to 1.0.19, where the /home/testslack endpoint allows unauthenticated blind SSRF. The issue arises because the testslack handler does not validate the user-controlled slack_webhook URL, passing it to notifiers.slack_notifier.test_notify, then _notify_slack and _...

5.3CVSS5.4AI score0.00602EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder