Lucene search

GoogleOSV:GHSA-Q5Q3-QM26-9JWM

HistoryDec 21, 2023 - 6:30 p.m.

Authenticated Blind SSRF in automad/automad

2023-12-2118:30:23

Google

osv.dev

automad

authenticated

blind

server-side request forgery

importurl

filecontroller.php

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

26.1%

JSON

automad up to 1.10.9 is vulnerable to an authenticated blind server-side request forgery in importUrl as the import function on the FileController.php file was not properly validating the value of the importUrl argument. This issue may allow attackers to perform a port scan against the local environment or abuse some service.

References

github.com/marcantondahmen/automad

github.com/screetsec/VDD/tree/main/Automad%20CMS/Authenticated%20Blind%20SSRF

nvd.nist.gov/vuln/detail/CVE-2023-7037

vuldb.com/?ctiid.248686

vuldb.com/?id.248686

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

26.1%

JSON

Related for OSV:GHSA-Q5Q3-QM26-9JWM