The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication, cBioPortal could allow someone to perform a Server Side Request Forgery (SSRF) attack. Logged in users could do the same on private instances. A fix has been released in version 6.0.12. As a workaround, one might be able to disable `/proxy` endpoint entirely via, for example, nginx.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-07-23T18:14:41.169Z
Updated: 2024-08-02T04:46:52.924Z
Reserved: 2024-07-18T15:21:47.485Z
Link: CVE-2024-41668
Vulnrichment
Updated: 2024-08-02T04:46:52.924Z
NVD
Status : Awaiting Analysis
Published: 2024-07-23T19:15:13.437
Modified: 2024-11-21T09:32:56.450
Link: CVE-2024-41668
Redhat
No data.