SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.
References
Link | Resource |
---|---|
https://github.com/osTicket/osTicket/commit/d98c2d096aeb8876c6ab2f88317cd371d781f14d | Patch Third Party Advisory |
https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0 | Exploit Third Party Advisory |
http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html | Exploit Third Party Advisory VDB Entry |
Configurations
Information
Published : 2020-11-02 13:15
Updated : 2021-01-29 18:29
NVD link : CVE-2020-24881
Mitre link : CVE-2020-24881
JSON object : View
CWE
CWE-918
Server-Side Request Forgery (SSRF)
Products Affected
osticket
- osticket