Vulnerability Details CVE-2020-24881
SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.906
EPSS Ranking 99.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html
- https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0
- https://github.com/osTicket/osTicket/commit/d98c2d096aeb8876c6ab2f88317cd371d781f14d
- http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html
- https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0
- https://github.com/osTicket/osTicket/commit/d98c2d096aeb8876c6ab2f88317cd371d781f14d
Products affected by CVE-2020-24881
-
cpe:2.3:a:osticket:osticket:-
-
cpe:2.3:a:osticket:osticket:1.0
-
cpe:2.3:a:osticket:osticket:1.10.4
-
cpe:2.3:a:osticket:osticket:1.10.5
-
cpe:2.3:a:osticket:osticket:1.10.6
-
cpe:2.3:a:osticket:osticket:1.10.7
-
cpe:2.3:a:osticket:osticket:1.11
-
cpe:2.3:a:osticket:osticket:1.12
-
cpe:2.3:a:osticket:osticket:1.12.1
-
cpe:2.3:a:osticket:osticket:1.12.2
-
cpe:2.3:a:osticket:osticket:1.2.7
-
cpe:2.3:a:osticket:osticket:1.3.0
-
cpe:2.3:a:osticket:osticket:1.6
-
cpe:2.3:a:osticket:osticket:1.6.0
-
cpe:2.3:a:osticket:osticket:1.8.0
-
cpe:2.3:a:osticket:osticket:1.8.0.1
-
cpe:2.3:a:osticket:osticket:1.8.0.2
-
cpe:2.3:a:osticket:osticket:1.8.0.3
-
cpe:2.3:a:osticket:osticket:1.8.0.4
-
cpe:2.3:a:osticket:osticket:1.8.1
-
cpe:2.3:a:osticket:osticket:1.8.1.1
-
cpe:2.3:a:osticket:osticket:1.8.1.2
-
cpe:2.3:a:osticket:osticket:1.8.3
-
cpe:2.3:a:osticket:osticket:1.8.4
-
cpe:2.3:a:osticket:osticket:1.9.0
-
cpe:2.3:a:osticket:osticket:1.9.1
-
cpe:2.3:a:osticket:osticket:1.9.2
-
cpe:2.3:a:osticket:osticket:1.9.4
-
cpe:2.3:a:osticket:osticket:1.9.5