The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content from a third-party attacker-controlled system. Second, arguably more severe, is the potential for an attacker to circumvent firewall controls, by proxying traffic, unauthenticated, into the internal network from the internet.
References
Link | Resource |
---|---|
https://www.carouselsignage.com/release-notes/carousel-7-1-3 | Release Notes |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-08-26T17:11:57
Updated: 2019-08-26T17:11:57
Reserved: 2019-06-28T00:00:00
Link: CVE-2019-13020
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-08-26T18:15:11.857
Modified: 2019-09-06T17:54:03.430
Link: CVE-2019-13020
JSON object: View
Redhat Information
No data.
CWE