CVE-2023-6124 - OpenCVE

Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Salesagility	Suitecrm

Configuration 1 [-]

OR	cpe:2.3:a:salesagility:suitecrm::::::::
	cpe:2.3:a:salesagility:suitecrm:7.14.0:::::::*
	cpe:2.3:a:salesagility:suitecrm:7.14.1:::::::*
	cpe:2.3:a:salesagility:suitecrm:8.4.0:::::::*
	cpe:2.3:a:salesagility:suitecrm:8.4.1:::::::*

No data.

References

Link	Providers
https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9
https://huntr.com/bounties/aed4d8f3-ab9a-42fd-afea-b3ec288a148e

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2023-11-14T14:52:40.534Z

Updated: 2024-09-03T15:02:37.650Z

Reserved: 2023-11-14T14:52:21.792Z

Link: CVE-2023-6124

Vulnrichment

Updated: 2024-08-02T08:21:17.166Z

NVD

Status : Analyzed

Published: 2023-11-14T15:15:08.140

Modified: 2023-11-17T18:11:01.837

Link: CVE-2023-6124

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6124", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2023-11-14T14:52:21.792Z", "datePublished": "2023-11-14T14:52:40.534Z", "dateUpdated": "2024-09-03T15:02:37.650Z"}, "containers": {"cna": {"title": "Server-Side Request Forgery (SSRF) in salesagility/suitecrm", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2023-11-14T14:52:40.534Z"}, "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14."}], "affected": [{"vendor": "salesagility", "product": "salesagility/suitecrm", "versions": [{"version": "unspecified", "lessThan": "7.14.2, 8.4.2, 7.12.14", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/aed4d8f3-ab9a-42fd-afea-b3ec288a148e"}, {"url": "https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "baseScore": 5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "cweId": "CWE-918"}]}], "source": {"advisory": "aed4d8f3-ab9a-42fd-afea-b3ec288a148e", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.166Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/aed4d8f3-ab9a-42fd-afea-b3ec288a148e", "tags": ["x_transferred"]}, {"url": "https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-03T15:01:00.626970Z", "id": "CVE-2023-6124", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T15:02:37.650Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/aed4d8f3-ab9a-42fd-afea-b3ec288a148e", "tags": ["x_transferred"]}, {"url": "https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.166Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6124", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-03T15:01:00.626970Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T15:02:19.839Z"}}], "cna": {"title": "Server-Side Request Forgery (SSRF) in salesagility/suitecrm", "source": {"advisory": "aed4d8f3-ab9a-42fd-afea-b3ec288a148e", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "CHANGED", "version": "3.0", "baseScore": 5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "salesagility", "product": "salesagility/suitecrm", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "7.14.2, 8.4.2, 7.12.14", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/aed4d8f3-ab9a-42fd-afea-b3ec288a148e"}, {"url": "https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9"}], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2023-11-14T14:52:40.534Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6124", "state": "PUBLISHED", "dateUpdated": "2024-09-03T15:02:37.650Z", "dateReserved": "2023-11-14T14:52:21.792Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2023-11-14T14:52:40.534Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*", "matchCriteriaId": "18D4B46C-BB77-4846-AC5F-E0D3F97FE240", "versionEndExcluding": "7.12.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:salesagility:suitecrm:7.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A437911-198D-48C6-9903-03A2FECA7FD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:salesagility:suitecrm:7.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "494E67A7-EDE8-46C2-AC29-47AA09D61A61", "vulnerable": true}, {"criteria": "cpe:2.3:a:salesagility:suitecrm:8.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FB6718E-D5D2-4DF3-9342-363A78516BE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:salesagility:suitecrm:8.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "9F70103A-8630-4F14-867F-9278AB1602ED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14."}, {"lang": "es", "value": "Server-Side Request Forgery (SSRF) en el repositorio de GitHub salesagility/suitecrm anterior a 7.14.2, 8.4.2, 7.12.14."}], "id": "CVE-2023-6124", "lastModified": "2023-11-17T18:11:01.837", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-14T15:15:08.140", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.com/bounties/aed4d8f3-ab9a-42fd-afea-b3ec288a148e"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@huntr.dev", "type": "Secondary"}]}