CVE-2024-23825

Exploit

EPSS 0.55%
Veröffentlicht 30.01.2024 17:15:11
Zuletzt bearbeitet 21.11.2024 08:58:30
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

TablePress SSRF vulnerability due to insufficient filtering of cloud provider hosts

TablePress <= 2.2.4 - Authenticated(Author+) Server Side Request Forgery(SSRF) via _get_import_files

TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5.

Mögliche Gegenmaßnahme

TablePress – Tables in WordPress made easy: Update to version 2.2.5, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tablepress ≫ Tablepress SwPlatformwordpress Version < 2.2.5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt TablePress – Tables in WordPress made easy

Version *-2.2.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.55%	0.415

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	3	1.3	1.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91

Patch

https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg

Vendor Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/8de52b68-c273-4561-98b0-e51afd6cd47b

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-23825

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-23825

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-23825

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-23825