CVE-2024-23825 - OpenCVE

TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tablepress	Tablepress

Configuration 1 [-]

cpe:2.3:a:tablepress:tablepress:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91
https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-30T16:22:04.876Z

Updated: 2024-08-01T23:13:08.237Z

Reserved: 2024-01-22T22:23:54.338Z

Link: CVE-2024-23825

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-30T17:15:11.180

Modified: 2024-02-05T18:46:02.203

Link: CVE-2024-23825

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23825", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-22T22:23:54.338Z", "datePublished": "2024-01-30T16:22:04.876Z", "dateUpdated": "2024-08-01T23:13:08.237Z"}, "containers": {"cna": {"title": "TablePress SSRF vulnerability due to insufficient filtering of cloud provider hosts", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg"}, {"name": "https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91", "tags": ["x_refsource_MISC"], "url": "https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91"}], "affected": [{"vendor": "TablePress", "product": "TablePress", "versions": [{"version": "< 2.2.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-30T16:22:04.876Z"}, "descriptions": [{"lang": "en", "value": "TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5."}], "source": {"advisory": "GHSA-x8rf-c8x6-mrpg", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.237Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg"}, {"name": "https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tablepress:tablepress:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "0B3AFBC2-9363-4181-8CFE-E00D51043CAD", "versionEndExcluding": "2.2.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5."}, {"lang": "es", "value": "TablePress es un complemento de tablas para Wordpress. Para importar tablas, TablePress realiza solicitudes HTTP externas basadas en una URL proporcionada por el usuario. Esa entrada del usuario no se filtra lo suficiente, lo que hace posible enviar solicitudes a ubicaciones de red no deseadas y recibir respuestas. En sitios en un entorno de nube como AWS, un atacante puede potencialmente realizar solicitudes GET a la API REST de metadatos de la instancia. Si la configuraci\u00f3n de la instancia no es segura, esto puede provocar la exposici\u00f3n de datos internos, incluidas las credenciales. Esta vulnerabilidad se solucion\u00f3 en 2.2.5."}], "id": "CVE-2024-23825", "lastModified": "2024-02-05T18:46:02.203", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.0, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-01-30T17:15:11.180", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}]}