CVE-2020-23776

Exploit

EPSS 0.28%
Veröffentlicht 26.01.2021 22:15:11
Zuletzt bearbeitet 21.11.2024 05:14:04
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Winmail Project ≫ Winmail Version6.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.509

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/zhonghaozhao/winmail/issues/3

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2020-23776

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-23776

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-23776

EUVD