 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2017-18638 |
| Description: | send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.891962 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-18638 https://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html#second-bug-internal-graphite-ssrf https://github.com/graphite-project/graphite-web/issues/2008 https://github.com/graphite-project/graphite-web/pull/2499 https://github.com/graphite-project/graphite-web/security/advisories/GHSA-vfj6-275q-4pvm https://www.youtube.com/watch?v=ds4Gp4xoaeA https://lists.debian.org/debian-lts-announce/2019/10/msg00030.html |