The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content from a third-party attacker-controlled system. Second, arguably more severe, is the potential for an attacker to circumvent firewall controls, by proxying traffic, unauthenticated, into the internal network from the internet.
References
Link | Resource |
---|---|
https://www.carouselsignage.com/release-notes/carousel-7-1-3 | Release Notes |
Configurations
Information
Published : 2019-08-26 11:15
Updated : 2019-09-06 10:54
NVD link : CVE-2019-13020
Mitre link : CVE-2019-13020
JSON object : View
CWE
CWE-918
Server-Side Request Forgery (SSRF)
Products Affected
trms
- tightrope_media_carousel