Vulnerabilities > CVE-2021-31216 - Server-Side Request Forgery (SSRF) vulnerability in Siren Investigate

CVSS 5.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

siren

CWE-918

NVD

Published: 2021-07-19

Updated: 2021-07-28

Summary

Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs as the Investigate process on the host.

Vulnerable Configurations

Part	Description	Count
Application	Siren Siren Investigate *	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://docs.siren.io/siren-platform-user-guide/11.1/release-notes.html
https://community.siren.io/c/announcements