CVE-2024-5885 - Vulnerability Details - OpenCVE

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00163.

Key SSVC decision points have not yet been added.

Vendors	Products
Quivr	Quivr

Configuration 1 [-]

cpe:2.3:a:quivr:quivr:0.0.236:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-47022	stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274

History

Tue, 20 Aug 2024 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Quivr Quivr quivr
CPEs		cpe:2.3:a:quivr:quivr:0.0.236:::::::*
Vendors & Products		Quivr Quivr quivr
Metrics		cvssV3_1 `{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-27T18:45:19.519Z

Updated: 2024-08-01T21:25:03.160Z

Reserved: 2024-06-11T21:40:44.149Z

Link: CVE-2024-5885

Vulnrichment

Updated: 2024-08-01T21:25:03.160Z

NVD

Status : Modified

Published: 2024-06-27T19:15:17.590

Modified: 2024-11-21T09:48:31.420

Link: CVE-2024-5885

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5885", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-06-11T21:40:44.149Z", "datePublished": "2024-06-27T18:45:19.519Z", "dateUpdated": "2024-08-01T21:25:03.160Z"}, "containers": {"cna": {"title": "Server-Side Request Forgery (SSRF) in stangirard/quivr", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-27T18:45:19.519Z"}, "descriptions": [{"lang": "en", "value": "stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data."}], "affected": [{"vendor": "stangirard", "product": "stangirard/quivr", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "baseScore": 8.6, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "cweId": "CWE-918"}]}], "source": {"advisory": "c178bf48-1d4a-4743-87ca-4cc8e475d274", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "stangirard", "product": "quivr", "cpes": ["cpe:2.3:a:stangirard:quivr:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}, {"vendor": "stangirard", "product": "quivr", "cpes": ["cpe:2.3:a:stangirard:quivr:0.0.236:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0.0.236", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-02T19:40:28.096464Z", "id": "CVE-2024-5885", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T19:48:11.929Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.160Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.160Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5885", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-02T19:40:28.096464Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:stangirard:quivr:*:*:*:*:*:*:*:*"], "vendor": "stangirard", "product": "quivr", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:stangirard:quivr:0.0.236:*:*:*:*:*:*:*"], "vendor": "stangirard", "product": "quivr", "versions": [{"status": "affected", "version": "0.0.236"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T19:42:35.598Z"}}], "cna": {"title": "Server-Side Request Forgery (SSRF) in stangirard/quivr", "source": {"advisory": "c178bf48-1d4a-4743-87ca-4cc8e475d274", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "stangirard", "product": "stangirard/quivr", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274"}], "descriptions": [{"lang": "en", "value": "stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-27T18:45:19.519Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5885", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:25:03.160Z", "dateReserved": "2024-06-11T21:40:44.149Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-06-27T18:45:19.519Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:quivr:quivr:0.0.236:*:*:*:*:*:*:*", "matchCriteriaId": "E5DD2EC1-728A-4B63-A8A5-EE56AC0AB560", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data."}, {"lang": "es", "value": "La versi\u00f3n 0.0.236 de stangirard/quivr contiene una vulnerabilidad de Server-Side Request Forgery (SSRF). La aplicaci\u00f3n no proporciona controles suficientes al rastrear un sitio web, lo que permite a un atacante acceder a aplicaciones en la red local. Esta vulnerabilidad podr\u00eda permitir que un usuario malintencionado obtenga acceso a servidores internos, al endpoint de metadatos de AWS y capture datos de Supabase."}], "id": "CVE-2024-5885", "lastModified": "2024-11-21T09:48:31.420", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-27T19:15:17.590", "references": [{"source": "security@huntr.dev", "tags": ["Exploit", "Technical Description"], "url": "https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description"], "url": "https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@huntr.dev", "type": "Secondary"}]}