SS-2018-002: SSRF vulnerability

Severity: Low
Identifier: SS-2018-002
Versions Affected: silverstripe/asset-admin: >=1.0.0
Versions Fixed: silverstripe/asset-admin: 1.2.0
Release Date: 2018-07-25

A Server Side Request Forgery (SSRF) vulnerability in the "Insert Media" feature (oEmbed) of the CMS allows a malicious user to make the server send requests to the local network, exposing potentially sensitive information about open ports. To our knowledge, the vulnerability cannot be used to retrieve data available via those ports.

Reported by Ahmad Ashraff of Aura Information Security
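
The following is an added example, not part of the advisory and not Silverstripe's actual fix: one way to vet a user-supplied embed URL before the server fetches it, so the request cannot be pointed at internal addresses or arbitrary ports. It is written in Python for illustration; `check_embed_url`, the default-ports-only policy and the reason strings are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed policy: only the default web port for each allowed scheme.
ALLOWED = {"http": 80, "https": 443}

def resolve(host):
    """Default resolver: every A/AAAA address the name currently maps to."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def is_public(text):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(text.split("%")[0])  # drop any IPv6 zone id
    mapped = getattr(ip, "ipv4_mapped", None)      # ::ffff:127.0.0.1 -> 127.0.0.1
    if mapped is not None:
        ip = mapped
    return ip.is_global and not ip.is_multicast

def check_embed_url(url, resolver=resolve):
    """Return (allowed, reason) for a user-supplied embed URL, before any fetch."""
    try:
        parts = urlsplit(url)
        scheme, host, port = parts.scheme.lower(), parts.hostname, parts.port
    except ValueError:
        return False, "malformed URL"
    if scheme not in ALLOWED:
        return False, "scheme not allowed"
    if not host or parts.username or parts.password:
        return False, "missing host or embedded credentials"
    if port is not None and port != ALLOWED[scheme]:
        return False, "port not allowed"   # blocks probing of arbitrary ports
    try:
        ipaddress.ip_address(host)
        addresses = [host]                 # literal IP: nothing to resolve
    except ValueError:
        try:
            addresses = resolver(host)
        except OSError:
            return False, "host does not resolve"
    # Reject if ANY record is internal, so mixed public/private answers fail.
    if not addresses or not all(is_public(a) for a in addresses):
        return False, "host is not a public address"
    return True, "ok"
```

The fetch itself should connect to the address that was vetted and repeat the check on every redirect, otherwise a second DNS lookup can return a different answer. Keep the reason strings in server logs and show the user one uniform error, so that response differences do not reveal which ports are open.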