Back to bug 2001847
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Marian Rehak | 2021-09-07 10:38:59 UTC | Depends On | 2001848 | |
| Marian Rehak | 2021-09-07 10:47:51 UTC | Blocks | 2001850 | |
| RaTasha Tillery-Smith | 2021-09-07 14:16:47 UTC | Doc Text | A flaw was found in graphite-web. The send_email in the graphite-web/webapp/graphite/composer/views.py function is vulnerable to a Server-side request forgery (SSRF). This flaw allows an attacker to use the vulnerable SSRF endpoint to have the Graphite web server request any resource. An attacker can exfiltrate any information due to the response the SSRF request encodes into an image file sent to an email address supplied by the attacker. The highest threat from this vulnerability is to confidentiality. | |
| Hardik Vyas | 2021-10-25 11:20:41 UTC | Doc Text | A flaw was found in graphite-web. The send_email in the graphite-web/webapp/graphite/composer/views.py function is vulnerable to a Server-side request forgery (SSRF). This flaw allows an attacker to use the vulnerable SSRF endpoint to have the Graphite web server request any resource. An attacker can exfiltrate any information due to the response the SSRF request encodes into an image file sent to an email address supplied by the attacker. The highest threat from this vulnerability is to confidentiality. | A flaw was found in graphite-web. The send_email in the graphite-web/webapp/graphite/composer/views.py function is vulnerable to a Server-side request forgery (SSRF). This flaw allows an attacker to use the vulnerable SSRF endpoint to have the Graphite web server request any resource. An attacker can exfiltrate any information due to the response the SSRF request encodes into an image file sent to an email address supplied by the attacker. |
| Hardik Vyas | 2021-10-25 11:20:41 UTC | Fixed In Version | graphite-web 1.1.6 | |
| Hardik Vyas | 2021-10-25 11:20:41 UTC | CC | puebele | |
| Hardik Vyas | 2021-10-25 11:28:22 UTC | Summary | CVE-2017-18638 graphite-web: SSRF vulnerability in send_email in graphite-web/webapp/graphite/composer/views.py | CVE-2017-18638 graphite-web: graphite.composer.views.send_email vulnerable to SSRF |
| Hardik Vyas | 2021-10-25 11:29:42 UTC | Depends On | 2016997 | |
| Red Hat Bugzilla | 2023-01-01 05:32:32 UTC | CC | amctagga | |
| Red Hat Bugzilla | 2023-01-01 05:47:21 UTC | CC | flucifre | |
| Red Hat Bugzilla | 2023-01-01 05:52:36 UTC | CC | mhackett | |
| Red Hat Bugzilla | 2023-01-01 06:01:59 UTC | CC | bniver | |
| Red Hat Bugzilla | 2023-01-01 08:33:59 UTC | CC | mbenjamin | |
| Red Hat Bugzilla | 2023-01-01 08:42:56 UTC | CC | sostapov | |
| Red Hat Bugzilla | 2023-01-01 08:47:32 UTC | CC | vereddy | |
| Alasdair Kergon | 2023-01-04 05:43:50 UTC | CC | sostapov | |
| Alasdair Kergon | 2023-01-04 06:11:25 UTC | CC | bniver | |
| Alasdair Kergon | 2023-01-04 06:23:48 UTC | CC | mbenjamin | |
| Alasdair Kergon | 2023-01-04 06:43:51 UTC | CC | flucifre | |
| Alasdair Kergon | 2023-01-04 06:59:12 UTC | CC | vereddy | |
| Alasdair Kergon | 2023-01-04 11:29:24 UTC | CC | mhackett | |
| Red Hat Bugzilla | 2023-07-07 08:28:05 UTC | Assignee | security-response-team | nobody |