CVE-2023-46730

Published: Nov 7, 2023

Modified: Sep 4, 2024

PUBLISHED

CVSS v3.1

7.4

HIGH

Description

Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests to untrusted domains. Note that protocols like file:// can also be used to access the server disk. The request result (on success) can then be retrieved using /api/download.php. This issue has been addressed in versions 6.8.15, 6.7.54, and 6.6.177. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendor	Product	Versions
Intermesh	groupoffice	affected `>= 6.3.0, < 6.6.177` affected `>= 6.7.0, < 6.7.54` affected `>= 6.8.0, < 6.8.15`

Weaknesses (CWE)

CWE-918

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://github.com/Intermesh/groupoffice/security/advisories/GHSA-vw6c-h82w-mvfv

x_refsource_CONFIRM

https://github.com/Intermesh/groupoffice/commit/99205535e8cec6592fd7f1469837926f27c72d50

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-46730

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References