← Back

CVE-2023-26431

nvd nist
Published: Jun 20, 2023Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight about topology and running services. We now respect possible IPV4-mapped IPv6 addresses when checking if contained in a deny-list. No publicly available exploits are known.

Affected (4)

Open Xchange
1 product
Open Xchange Appsuite Backend
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Open Xchange
Open Xchange Appsuite Backend
Before 7.10.6
Open Xchange Appsuite Backend
From 8.0.0 to 8.11.0
Open Xchange Appsuite Backend
Version 7.10.6
Open Xchange Appsuite Backend
Version 7.10.6 revision_39

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (8)

Source: security@open-xchange.com
Third Party AdvisoryVDB Entry
Source: security@open-xchange.com
Mailing ListThird Party Advisory
Source: security@open-xchange.com
Source: security@open-xchange.com
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes

Timeline

No history available yet.