CVE-2017-7553

Sažetak

The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1478792
https://access.redhat.com/errata/RHSA-2017:2675
https://access.redhat.com/errata/RHSA-2017:2674

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

12-02-2023 - 23:31

Objavljeno

29-09-2017 - 01:34