CVE-2020-13484 Information

Description

Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter if the destination URL hosts an HTML document containing '<meta name="og:image" content="' followed by an intranet URL.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://gist.github.com/mariuszpoplwski/f261a4bc06adde5c78760559db9d63bd

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.8

Base Severity

HIGH
