CVE-2020-24700 — Server-Side Request Forgery in Appsuite

CWE-918 — Server-Side Request Forgery3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 48.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Open-xchange Appsuite
Timeline
PublishedJan 12
Latest updateMay 24

Description

OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-3jcw-ph85-3mv4: OX App Suite through 7↗2022-05-24
â–¶
CVEList
CVE-2020-24700: OX App Suite through 7↗2021-01-12
â–¶
CVE-2020-24700 — Server-Side Request Forgery | cvebase