CVE-2020-13650

Published: Jun 15, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to an internal component, the request is blind, but through the error message it's possible to determine whether the request targeted a open service.

Affected (3)

Products: Digdash: Digdash

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Digdash Digdash	Version 2018r2
Digdash Digdash	Version 2019r1
Digdash Digdash	Version 2019r2

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://know.bishopfox.com/advisories/digdash-version-2018

Source: cve@mitre.org

Third Party Advisory

https://know.bishopfox.com/advisories/digdash-version-2018

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.