CVE-2024-23825 - Vulnerability Details

Vendors	Products
Tablepress	Tablepress

Link	Providers
https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91
https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23825", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-22T22:23:54.338Z", "datePublished": "2024-01-30T16:22:04.876Z", "dateUpdated": "2024-08-01T23:13:08.237Z"}, "containers": {"cna": {"title": "TablePress SSRF vulnerability due to insufficient filtering of cloud provider hosts", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg"}, {"name": "https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91", "tags": ["x_refsource_MISC"], "url": "https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91"}], "affected": [{"vendor": "TablePress", "product": "TablePress", "versions": [{"version": "< 2.2.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-30T16:22:04.876Z"}, "descriptions": [{"lang": "en", "value": "TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5."}], "source": {"advisory": "GHSA-x8rf-c8x6-mrpg", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.237Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg"}, {"name": "https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tablepress:tablepress:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "0B3AFBC2-9363-4181-8CFE-E00D51043CAD", "versionEndExcluding": "2.2.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5."}, {"lang": "es", "value": "TablePress es un complemento de tablas para Wordpress. Para importar tablas, TablePress realiza solicitudes HTTP externas basadas en una URL proporcionada por el usuario. Esa entrada del usuario no se filtra lo suficiente, lo que hace posible enviar solicitudes a ubicaciones de red no deseadas y recibir respuestas. En sitios en un entorno de nube como AWS, un atacante puede potencialmente realizar solicitudes GET a la API REST de metadatos de la instancia. Si la configuraci\u00f3n de la instancia no es segura, esto puede provocar la exposici\u00f3n de datos internos, incluidas las credenciales. Esta vulnerabilidad se solucion\u00f3 en 2.2.5."}], "id": "CVE-2024-23825", "lastModified": "2024-11-21T08:58:30.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.0, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-01-30T17:15:11.180", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91"}, {"source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "[email protected]", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object