CVE-2020-10791 - Server-Side Request Forgery (SSRF) vulnerability in It-Novum Openitcockpit
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
Summary
app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module.
References
- https://github.com/it-novum/openITCOCKPIT/commit/50722befae4cfedd0103f9b0ec2a7e22530b2385
- https://openitcockpit.io/2020/2020/03/23/openitcockpit-3-7-3-released/