Vulnerabilities > CVE-2021-3742 - Server-Side Request Forgery (SSRF) vulnerability in Chatwoot

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

chatwoot

CWE-918

NVD

Published: 2024-11-15

Updated: 2024-11-19

Summary

A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used as an avatar and opened in a new tab, it can trigger the SSRF, potentially leading to host redirection.

Vulnerable Configurations

Part	Description	Count
Application	Chatwoot Chatwoot Chatwoot 0.1.0 Chatwoot Chatwoot 1.0.0 Chatwoot Chatwoot 1.0.1 Chatwoot Chatwoot 1.0.2 Chatwoot Chatwoot 1.0.3 Chatwoot Chatwoot 1.1.0 Chatwoot Chatwoot 1.1.1 Chatwoot Chatwoot 1.1.2 Chatwoot Chatwoot 1.1.3 Chatwoot Chatwoot 1.2.0 Chatwoot Chatwoot 1.2.1 Chatwoot Chatwoot 1.2.2 Chatwoot Chatwoot 1.2.3 Chatwoot Chatwoot 1.2.4 Chatwoot Chatwoot 1.3.0 Chatwoot Chatwoot 1.4.0 Chatwoot Chatwoot 1.4.1 Chatwoot Chatwoot 1.4.2 Chatwoot Chatwoot 1.5.0 Chatwoot Chatwoot 1.5.1 Chatwoot Chatwoot 1.5.2 Chatwoot Chatwoot 1.5.3 Chatwoot Chatwoot 1.6.0 Chatwoot Chatwoot 1.6.1 Chatwoot Chatwoot 1.6.2 Chatwoot Chatwoot 1.6.3 Chatwoot Chatwoot 1.7.0 Chatwoot Chatwoot 1.7.1 Chatwoot Chatwoot 1.7.2 Chatwoot Chatwoot 1.8.0 Chatwoot Chatwoot 1.9.0 Chatwoot Chatwoot 1.10.0 Chatwoot Chatwoot 1.11.0 Chatwoot Chatwoot 1.11.1 Chatwoot Chatwoot 1.12.0 Chatwoot Chatwoot 1.12.1 Chatwoot Chatwoot 1.12.2 Chatwoot Chatwoot 1.13.0 Chatwoot Chatwoot 1.13.1 Chatwoot Chatwoot 1.14.0 Chatwoot Chatwoot 1.14.1 Chatwoot Chatwoot 1.14.2 Chatwoot Chatwoot 1.14.3 Chatwoot Chatwoot 1.15.0 Chatwoot Chatwoot 1.15.1 Chatwoot Chatwoot 1.16.1 Chatwoot Chatwoot 1.16.2 Chatwoot Chatwoot 1.17.0 Chatwoot Chatwoot 1.17.1 Chatwoot Chatwoot 1.18.0 Chatwoot Chatwoot 1.18.1 Chatwoot Chatwoot 1.18.2 Chatwoot Chatwoot 1.19.0 Chatwoot Chatwoot 1.20.0 Chatwoot Chatwoot 1.21.0 Chatwoot Chatwoot 1.21.1 Chatwoot Chatwoot 1.22.0 Chatwoot Chatwoot 1.22.1 Chatwoot Chatwoot 2.0.0 Chatwoot Chatwoot 2.0.1 Chatwoot Chatwoot 2.0.2 Chatwoot Chatwoot 2.1.0 Chatwoot Chatwoot 2.1.1 Chatwoot Chatwoot 2.2.0 Chatwoot Chatwoot 2.2.1 Chatwoot Chatwoot 2.3.0 Chatwoot Chatwoot 2.3.1 Chatwoot Chatwoot 2.3.2 Chatwoot Chatwoot 2.4.0 Chatwoot Chatwoot 2.4.1	70

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References