Vulnerability Details CVE-2020-10791
app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- https://github.com/it-novum/openITCOCKPIT/commit/50722befae4cfedd0103f9b0ec2a7e22530b2385
- https://openitcockpit.io/2020/2020/03/23/openitcockpit-3-7-3-released/
- https://github.com/it-novum/openITCOCKPIT/commit/50722befae4cfedd0103f9b0ec2a7e22530b2385
- https://openitcockpit.io/2020/2020/03/23/openitcockpit-3-7-3-released/
Products affected by CVE-2020-10791
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-10
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-12
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-13
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-14
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-15
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-16
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-4
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-5
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-6
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-8
-
cpe:2.3:a:it-novum:openitcockpit:3.0.11
-
cpe:2.3:a:it-novum:openitcockpit:3.0.11-3
-
cpe:2.3:a:it-novum:openitcockpit:3.0.11-4
-
cpe:2.3:a:it-novum:openitcockpit:3.0.11-6
-
cpe:2.3:a:it-novum:openitcockpit:3.0.11-7
-
cpe:2.3:a:it-novum:openitcockpit:3.0.11-8
-
cpe:2.3:a:it-novum:openitcockpit:3.0.4
-
cpe:2.3:a:it-novum:openitcockpit:3.0.5
-
cpe:2.3:a:it-novum:openitcockpit:3.0.6-1
-
cpe:2.3:a:it-novum:openitcockpit:3.0.6-2
-
cpe:2.3:a:it-novum:openitcockpit:3.0.7
-
cpe:2.3:a:it-novum:openitcockpit:3.0.8
-
cpe:2.3:a:it-novum:openitcockpit:3.0.8-2
-
cpe:2.3:a:it-novum:openitcockpit:3.0.8-3
-
cpe:2.3:a:it-novum:openitcockpit:3.0.9
-
cpe:2.3:a:it-novum:openitcockpit:3.1.0
-
cpe:2.3:a:it-novum:openitcockpit:3.1.1
-
cpe:2.3:a:it-novum:openitcockpit:3.1.5
-
cpe:2.3:a:it-novum:openitcockpit:3.2.0
-
cpe:2.3:a:it-novum:openitcockpit:3.3.0
-
cpe:2.3:a:it-novum:openitcockpit:3.3.0-3
-
cpe:2.3:a:it-novum:openitcockpit:3.4.2
-
cpe:2.3:a:it-novum:openitcockpit:3.4.3
-
cpe:2.3:a:it-novum:openitcockpit:3.5.0
-
cpe:2.3:a:it-novum:openitcockpit:3.6.0
-
cpe:2.3:a:it-novum:openitcockpit:3.6.1
-
cpe:2.3:a:it-novum:openitcockpit:3.6.1.2
-
cpe:2.3:a:it-novum:openitcockpit:3.7.1
-
cpe:2.3:a:it-novum:openitcockpit:3.7.2