CVE-2017-6201

Exploit

EPSS 1.89%
Veröffentlicht 06.02.2018 16:29:00
Zuletzt bearbeitet 21.11.2024 03:29:14
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs directly.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sandstorm ≫ Sandstorm Version < 0.203

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.89%	0.769

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:P/I:P/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://devco.re/blog/2018/01/26/Sandstorm-Security-Review-CVE-2017-6200-en/

Third Party Advisory

Exploit

https://sandstorm.io/news/2017-03-02-security-review

Vendor Advisory

https://github.com/sandstorm-io/sandstorm/commit/164997fb958effbc90c5328c166706280a84aaa1

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-6201

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-6201

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-6201

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-6201