Bug 2001847 (CVE-2017-18638)
| Field | Value |
|---|---|
| Summary | CVE-2017-18638 graphite-web: graphite.composer.views.send_email vulnerable to SSRF |
| Product | [Other] Security Response |
| Reporter | Marian Rehak <mrehak> |
| Component | vulnerability |
| Assignee | Nobody <nobody> |
| Status | NEW --- |
| QA Contact | |
| Severity | medium |
| Docs Contact | |
| Priority | medium |
| Version | unspecified |
| CC | anharris, bniver, extras-orphan, flucifre, gmeno, hvyas, jonathansteffan, mbenjamin, mhackett, piotr1212, puebele, sostapov, vereddy |
| Target Milestone | --- |
| Keywords | Security |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Whiteboard | |
| Fixed In Version | graphite-web 1.1.6 |
| Doc Type | If docs needed, set a value |
| Doc Text | A flaw was found in graphite-web. The send_email function in graphite-web/webapp/graphite/composer/views.py is vulnerable to Server-Side Request Forgery (SSRF). This flaw allows an attacker to use the vulnerable endpoint to make the Graphite web server request any resource. An attacker can exfiltrate any information reachable by the server, because the response to the SSRF request is encoded into an image file and sent to an email address supplied by the attacker. |
| Story Points | --- |
| Clone Of | |
| Environment | |
| Last Closed | |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Bug Depends On | 2001848, 2016997 |
| Bug Blocks | 2001850 |
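The flaw described in the Doc Text is the usual SSRF shape: a server-side fetch that trusts a caller-supplied URL. As an added illustration of the mitigation, not code from graphite-web and not its 1.1.6 fix, the Python below validates a URL before a server fetches it on a user's behalf: only http/https, no embedded credentials, no loopback, private or link-local IP literals, and a hostname that must appear on an explicit allowlist. The allowlist entry and sample URLs are constructed values.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: the only host a server-side fetch may target.
# In a real deployment this would be the internal render endpoint(s).
ALLOWED_FETCH_HOSTS = {"graphite.example.internal"}


def is_allowed_fetch_url(url, allowed_hosts=frozenset(ALLOWED_FETCH_HOSTS)):
    """Return True only if `url` is safe for the server to fetch.

    Checks, in order:
      1. the URL parses and uses http or https (no file://, gopher://, ...)
      2. no credentials are embedded in the authority part
      3. an IP-literal host is a global address (rejects 127.0.0.1,
         10/8, 192.168/16, 169.254.169.254, ::1, ...)
      4. the hostname is on the allowlist

    The allowlist is matched on the hostname, not on a resolved address,
    so a DNS name that resolves to an internal IP is rejected unless it
    was deliberately allowlisted.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        # malformed IPv6 literal and similar parse failures
        return False

    if parts.scheme not in ("http", "https"):
        return False

    host = parts.hostname  # already lower-cased, brackets stripped for IPv6
    if not host:
        return False

    if parts.username or parts.password:
        return False

    # IP literal: refuse anything that is not a globally routable address.
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None and not addr.is_global:
        return False

    return host in allowed_hosts


def classify_urls(urls):
    """Map each URL to its verdict; handy for review or logging."""
    return {u: is_allowed_fetch_url(u) for u in urls}


if __name__ == "__main__":
    # Constructed sample inputs covering the cases the check is meant to stop.
    samples = [
        "http://graphite.example.internal/render?target=foo",
        "https://graphite.example.internal:8443/render",
        "file:///etc/passwd",
        "http://127.0.0.1/render",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::1]/render",
        "http://user:pw@graphite.example.internal/render",
        "http://other.example/render",
        "not a url",
    ]
    for url, ok in classify_urls(samples).items():
        print(f"{'ALLOW' if ok else 'DENY ':5} {url}")
```

Denying by default and allowlisting by hostname is deliberate: a blocklist of "bad" addresses is easy to bypass with alternate encodings or redirects, whereas an allowlist only needs to name the endpoints the feature legitimately talks to. If the fetch follows HTTP redirects, the same check has to be applied to every redirect target as well.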
Description
Marian Rehak
2021-09-07 10:38:46 UTC
Created graphite-web tracking bugs for this issue: Affects: epel-7 [bug 2001848]