20.0.975

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

bitrix24

CWE-918

NVD

Published: 2020-06-24

Updated: 2020-07-02

Summary

Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing '<meta name="og:image" content="' followed by an intranet URL.

Vulnerable Configurations

Part	Description	Count
Application	Bitrix24 Bitrix24 Bitrix24 - Bitrix24 Bitrix24 20.0.0 Bitrix24 Bitrix24 20.0.975	3

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://gist.github.com/mariuszpoplwski/f261a4bc06adde5c78760559db9d63bd