CVE-2024-39713

A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.

CVSS v3.0 8.6 HIGH

8.6^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://hackerone.com/reports/1886954	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*

History

30 Aug 2024, 15:47

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.6
CPE		cpe:2.3:a:rocket.chat:rocket.chat::::::::
First Time		Rocket.chat rocket.chat Rocket.chat
References	~~() https://hackerone.com/reports/1886954 -~~	() https://hackerone.com/reports/1886954 - Issue Tracking, Third Party Advisory
CWE		CWE-918

05 Aug 2024, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-05 05:15

Updated : 2024-09-06 17:35

NVD link : CVE-2024-39713

Mitre link : CVE-2024-39713

JSON object : View

Products Affected

rocket.chat

rocket.chat

CWE

CWE-918

Server-Side Request Forgery (SSRF)

8.6 /10