Vulnerabilities > CVE-2021-43449 - Server-Side Request Forgery (SSRF) vulnerability in Onlyoffice Server 7.0.0.49
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF). The document editor service can be abused to read and serve arbitrary URLs as a document.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://github.com/ONLYOFFICE/server
- https://github.com/ONLYOFFICE/server
- https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/
- https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/
- https://www.onlyoffice.com/
- https://www.onlyoffice.com/