Lucene search

Veracode Vulnerability DatabaseVERACODE:30197

HistoryApr 29, 2021 - 3:41 a.m.

Server-side Request Forgery (SSRF)

2021-04-2903:41:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

JSON

yoast-seo-for-typo3/yoast_seo is vulnerable to server side request forgery. Failing to restrict analyzed URLs to domains managed by the current TYPO3 website allows a logged in TYPO3 backend user to make HTTP requests to arbitrary domains including the webserver itself or other internally managed resources.

CPENameOperatorVersion
yoast-seo-for-typo3/yoast_seole7.2.0

CPE	Name	Operator	Version
	yoast-seo-for-typo3/yoast_seo	le	7.2.0

References

github.com/Yoast/Yoast-SEO-for-TYPO3/commit/3fa83522368abd5228dc111d329892bc8c897df0

typo3.org/security/advisory/typo3-ext-sa-2021-006

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

JSON

Related for VERACODE:30197