PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host. A server-side request forgery (SSRF), which can only be exploited by authenticated users, was found in Posthog. Posthog did not verify whether a URL was local when enabling webhooks, allowing authenticated users to forge a POST request. This vulnerability has been addressed in `22bd5942` and will be included in subsequent releases. There are no known workarounds for this vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-12-01T21:53:19.584Z
Updated: 2024-08-02T20:53:20.967Z
Reserved: 2023-10-25T14:30:33.753Z
Link: CVE-2023-46746
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-12-01T22:15:10.167
Modified: 2024-11-21T08:29:12.980
Link: CVE-2023-46746
Redhat
No data.