CVE-2024-5885 HIGH

CVE-2024-5885: Server-Side Request Forgery (SSRF) in stangirard/quivr

Vendor Stangirard

Product stangirard/quivr

Weakness CWE-918 · SSRF

Published June 27, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data.

Key dates

02Disclosure timeline

June 27, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-5885 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

Identifiers

CVE CVE-2024-5885

CWE CWE-918

CVSS 8.6 / HIGH

Affected versions