Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook component that can result in read or update internal resources. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed.
References
Link | Resource |
---|---|
https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html | Exploit Third Party Advisory |
https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:40
Type | Values Removed | Values Added |
---|---|---|
References | () https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html - Exploit, Third Party Advisory |
Information
Published : 2018-06-26 16:29
Updated : 2024-11-21 03:40
NVD link : CVE-2018-1000553
Mitre link : CVE-2018-1000553
CVE.ORG link : CVE-2018-1000553
JSON object : View
Products Affected
trovebox
- trovebox
CWE
CWE-918
Server-Side Request Forgery (SSRF)