CVE-2021-32698 MEDIUM

CVE-2021-32698: Blind Server-Side Request Forgery (SSRF) in eLabFTW

Vendor Elabftw
Product elabftw
Weakness CWE-918 · SSRF
Published June 21, 2021
Last update August 3, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0.

Key dates

02Disclosure timeline

June 21, 2021 CVE published
August 3, 2024 Record updated