CVE-2024-5885

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:quivr:quivr:0.0.236:*:*:*:*:*:*:*

History

21 Nov 2024, 09:48

Type Values Removed Values Added
References () https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274 - Exploit, Technical Description () https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274 - Exploit, Technical Description

20 Aug 2024, 20:37

Type Values Removed Values Added
Summary
  • (es) La versión 0.0.236 de stangirard/quivr contiene una vulnerabilidad de Server-Side Request Forgery (SSRF). La aplicación no proporciona controles suficientes al rastrear un sitio web, lo que permite a un atacante acceder a aplicaciones en la red local. Esta vulnerabilidad podría permitir que un usuario malintencionado obtenga acceso a servidores internos, al endpoint de metadatos de AWS y capture datos de Supabase.
CPE cpe:2.3:a:quivr:quivr:0.0.236:*:*:*:*:*:*:*
References () https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274 - () https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274 - Exploit, Technical Description
First Time Quivr quivr
Quivr

27 Jun 2024, 19:25

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-27 19:15

Updated : 2024-11-21 09:48


NVD link : CVE-2024-5885

Mitre link : CVE-2024-5885

CVE.ORG link : CVE-2024-5885


JSON object : View

Products Affected

quivr

  • quivr
CWE
CWE-918

Server-Side Request Forgery (SSRF)