← Zuruck zu CVEs

CVE-2021-31216

HIGH

8.1

Beschreibung

Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs as the Investigate process on the host.

CVE Details

CVSS v3.1 Bewertung8.1

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionNONE

Veroffentlicht7/19/2021

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

siren:investigate

Schwachen (CWE)

CWE-918

Referenzen

https://community.siren.io/c/announcements(cve@mitre.org)

https://docs.siren.io/siren-platform-user-guide/11.1/release-notes.html(cve@mitre.org)

https://community.siren.io/c/announcements(af854a3a-2127-422b-91ae-364da2661108)

https://docs.siren.io/siren-platform-user-guide/11.1/release-notes.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.