What the vulnerability does
Description
Server-Side Request Forgery (SSRF) vulnerability in vEnCa-X rajce rajce allows Server Side Request Forgery. This issue affects rajce: from n/a through <= 0.4.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Explanation of Vulnerability in Simple Terms
rajce versions up to 0.4.2 contain a server-side request forgery vulnerability that allows an authenticated attacker to make the site send requests to internal or external systems on their behalf. The attack requires low privileges and high attack complexity. The vulnerability can leak sensitive information and modify data on systems the site can reach, though availability is not affected.
What an attacker can do
Make the site send HTTP requests to internal systems or external servers to read data or perform actions.
Potential impact on your site
An authenticated user can probe your internal network, access cloud metadata, or interact with external APIs using your site's identity.
Conditions required to exploit
Attacker must have a low-privilege account on the site; no user interaction required.
Key dates
External resources