CVE-2024-5885 - OpenCVE

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Quivr	Quivr

Configuration 1 [-]

cpe:2.3:a:quivr:quivr:0.0.236:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274

History

Tue, 20 Aug 2024 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Quivr Quivr quivr
CPEs		cpe:2.3:a:quivr:quivr:0.0.236:::::::*
Vendors & Products		Quivr Quivr quivr
Metrics		cvssV3_1 `{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-27T18:45:19.519Z

Updated: 2024-08-01T21:25:03.160Z

Reserved: 2024-06-11T21:40:44.149Z

Link: CVE-2024-5885

Vulnrichment

Updated: 2024-08-01T21:25:03.160Z

NVD

Status : Analyzed

Published: 2024-06-27T19:15:17.590

Modified: 2024-08-20T20:37:52.377

Link: CVE-2024-5885

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5885", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-06-11T21:40:44.149Z", "datePublished": "2024-06-27T18:45:19.519Z", "dateUpdated": "2024-08-01T21:25:03.160Z"}, "containers": {"cna": {"title": "Server-Side Request Forgery (SSRF) in stangirard/quivr", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-27T18:45:19.519Z"}, "descriptions": [{"lang": "en", "value": "stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data."}], "affected": [{"vendor": "stangirard", "product": "stangirard/quivr", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "baseScore": 8.6, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "cweId": "CWE-918"}]}], "source": {"advisory": "c178bf48-1d4a-4743-87ca-4cc8e475d274", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "stangirard", "product": "quivr", "cpes": ["cpe:2.3:a:stangirard:quivr:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}, {"vendor": "stangirard", "product": "quivr", "cpes": ["cpe:2.3:a:stangirard:quivr:0.0.236:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0.0.236", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-02T19:40:28.096464Z", "id": "CVE-2024-5885", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T19:48:11.929Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.160Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.160Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5885", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-02T19:40:28.096464Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:stangirard:quivr:*:*:*:*:*:*:*:*"], "vendor": "stangirard", "product": "quivr", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:stangirard:quivr:0.0.236:*:*:*:*:*:*:*"], "vendor": "stangirard", "product": "quivr", "versions": [{"status": "affected", "version": "0.0.236"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T19:42:35.598Z"}}], "cna": {"title": "Server-Side Request Forgery (SSRF) in stangirard/quivr", "source": {"advisory": "c178bf48-1d4a-4743-87ca-4cc8e475d274", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "stangirard", "product": "stangirard/quivr", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274"}], "descriptions": [{"lang": "en", "value": "stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-27T18:45:19.519Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5885", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:25:03.160Z", "dateReserved": "2024-06-11T21:40:44.149Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-06-27T18:45:19.519Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:quivr:quivr:0.0.236:*:*:*:*:*:*:*", "matchCriteriaId": "E5DD2EC1-728A-4B63-A8A5-EE56AC0AB560", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data."}, {"lang": "es", "value": "La versi\u00f3n 0.0.236 de stangirard/quivr contiene una vulnerabilidad de Server-Side Request Forgery (SSRF). La aplicaci\u00f3n no proporciona controles suficientes al rastrear un sitio web, lo que permite a un atacante acceder a aplicaciones en la red local. Esta vulnerabilidad podr\u00eda permitir que un usuario malintencionado obtenga acceso a servidores internos, al endpoint de metadatos de AWS y capture datos de Supabase."}], "id": "CVE-2024-5885", "lastModified": "2024-08-20T20:37:52.377", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-27T19:15:17.590", "references": [{"source": "security@huntr.dev", "tags": ["Exploit", "Technical Description"], "url": "https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@huntr.dev", "type": "Primary"}]}