CVE-2017-18638 Information

Description

send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus an attacker can exfiltrate any information.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html#second-bug-internal-graphite-ssrf
https://github.com/graphite-project/graphite-web/issues/2008
https://github.com/graphite-project/graphite-web/pull/2499
https://github.com/graphite-project/graphite-web/security/advisories/GHSA-vfj6-275q-4pvm
https://lists.debian.org/debian-lts-announce/2019/10/msg00030.html
https://www.youtube.com/watch?v=ds4Gp4xoaeA

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
