Vulnerabilities > CVE-2017-18638 - Server-Side Request Forgery (SSRF) vulnerability in Graphite Project Graphite
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The endpoint takes a URL from the request and has the Graphite web server fetch it, so an attacker can make the server request any resource reachable from that host, including internal services that are not exposed to the attacker directly. The body of the response is encoded into an image file and sent to an e-mail address that the attacker also supplies. The attacker therefore obtains the content of any such resource, not merely a blind request.
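The following is an added example, not graphite-web's own code, showing the request-shaped SSRF pattern the summary describes (the server fetches a client-supplied URL and mails the result to a client-supplied address) beside two ways of closing it: an allow-list check on the URL, and the stronger option of never fetching the client's URL at all but rebuilding one against the local renderer from allow-listed graph parameters. All names and values here (RENDER_BASE, ALLOWED_HOSTS, ALLOWED_RENDER_PARAMS, validate_target_url, safe_render_url, the sample request) are assumptions made for the illustration.

```python
"""Constructed illustration of the SSRF pattern behind CVE-2017-18638 and two
ways to close it. Not graphite-web's code; every name and value below is an
assumption made for the example."""
import ipaddress
from urllib.parse import parse_qsl, urlencode, urlparse

# Hypothetical deployment values for the example.
RENDER_BASE = "http://graphite.internal.example/render"  # the only place we ever want to fetch
ALLOWED_HOSTS = {"graphite.internal.example"}
ALLOWED_SCHEMES = {"http", "https"}
# Graph parameters the composer may forward to the renderer (assumed subset).
ALLOWED_RENDER_PARAMS = {"target", "from", "until", "width", "height", "format"}


def vulnerable_target_url(request_params):
    """The SSRF pattern: the server fetches exactly the URL the client sent,
    then (in the real bug) attaches the response as an image and mails it to
    a client-supplied address. Anything reachable from the host is exposed."""
    return request_params["url"]


def _host_is_private(host):
    """True when host is an IP literal in loopback, private, link-local,
    multicast, reserved or unspecified space (127.0.0.1, ::1, 169.254.169.254, ...)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name, not a literal; see the note on resolution below
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_target_url(url, allowed_hosts=ALLOWED_HOSTS):
    """Fix 1 (allow-list): accept a client URL only when scheme, host and path
    all match what the feature legitimately needs."""
    try:
        parts = urlparse(url)
    except ValueError:  # e.g. malformed IPv6 literal such as "http://[::1/"
        return False
    if parts.scheme not in ALLOWED_SCHEMES:
        return False
    if parts.username is not None or parts.password is not None:
        return False  # reject "user@host" forms outright
    host = parts.hostname  # lower-cased, brackets stripped for IPv6 literals
    if not host or host not in allowed_hosts or _host_is_private(host):
        return False
    return parts.path == "/render"


def safe_render_url(client_url):
    """Fix 2 (rebuild, preferred): ignore the client's scheme, host and path
    entirely and build the fetch URL against the local renderer from
    allow-listed query parameters only. Everything else the client sent is dropped."""
    query = urlparse(client_url).query
    kept = [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if k in ALLOWED_RENDER_PARAMS]
    return RENDER_BASE + ("?" + urlencode(kept) if kept else "")


if __name__ == "__main__":
    # Constructed request shaped like the abuse case: attacker-chosen URL and recipient.
    attacker_request = {
        "to": "attacker@example.com",
        "url": "http://127.0.0.1:8000/admin/?target=stats.cpu&width=400",
    }
    print("vulnerable fetches :", vulnerable_target_url(attacker_request))
    print("allow-list accepts :", validate_target_url(attacker_request["url"]))
    print("rebuilt fetch      :", safe_render_url(attacker_request["url"]))
```

Two caveats a practitioner should keep in mind. A hostname allow-list only checks the literal; if an entry is a DNS name, the fetcher still resolves it, so entries must be names you control and the HTTP client used for the fetch should not follow redirects (a redirect from an allowed host to 127.0.0.1 reopens the hole). The rebuild approach sidesteps both problems because the client never chooses where the server connects, only which graph parameters it sends.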
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DLA-1962.NASL |
description | The |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 130131 |
published | 2019-10-22 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/130131 |
title | Debian DLA-1962-1 : graphite-web security update |
code | |
References
- https://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html#second-bug-internal-graphite-ssrf
- https://github.com/graphite-project/graphite-web/issues/2008
- https://github.com/graphite-project/graphite-web/pull/2499
- https://github.com/graphite-project/graphite-web/security/advisories/GHSA-vfj6-275q-4pvm
- https://lists.debian.org/debian-lts-announce/2019/10/msg00030.html
- https://www.youtube.com/watch?v=ds4Gp4xoaeA