| |
Vulnerability CVE-2018-1000553
Published: 2018-06-26
| Description: |
Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook component that can result in read or update internal resources. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed. |
Type:
CWE-918
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.5/10 |
6.4/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
