4 matches found
CVE-2020-8902
Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery SSRF attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...
CVE-2020-8902
Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery SSRF attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...
CVE-2020-8902
Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery SSRF attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...
CVE-2020-8902
Summary (CVE-2020-8902): Rendertron versions prior to 3.0.0 are vulnerable to an SSRF flaw. An attacker can craft a webpage that causes a headless Chrome process used by Rendertron to render internal sites accessible to the system, potentially exposing internal resources as screenshots. Affected ...