CVE-2024-39713

Published Aug 5, 2024

Last updated 2 months ago

CVSS high 8.6

Overview

Description: A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.
Source: support@hackerone.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.6
Impact score: 4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 8.6
Impact score: 4
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-918
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-918

Hype score: Not currently trending

We have observed some interest in https://t.co/XcxCdd8fed CVE-2024-39713 in our sensors. This is a Server-Side Request Forgery (SSRF) vuln which could for example lead to some level of access to internal systems. We added a population scan for exposed IPs (1781 IPs found) https
@Shadowserver
11 Nov 2024
2327 Impressions
9 Retweets
17 Likes
5 Bookmarks
1 Reply
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2386061B-F94D-44C0-B373-8A1BF27DC6EA",
            "versionEndExcluding": "6.10.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

Weaknesses

Social media

Configurations

References