2019R2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

digdash

CWE-918

NVD

Published: 2020-06-15

Updated: 2020-06-24

Summary

An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to an internal component, the request is blind, but through the error message it's possible to determine whether the request targeted a open service.

Vulnerable Configurations

Part	Description	Count
Application	Digdash Digdash Digdash 2018R2 Digdash Digdash 2019R1 Digdash Digdash 2019R2	3

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://know.bishopfox.com/advisories/digdash-version-2018