CVE-2021-42079
SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355
| CVE | CVE-2021-42079 | |||||||||||
| Title | SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355 | |||||||||||
| Credits |
|
|||||||||||
| Affected products |
|
|||||||||||
| CVSS |
Base score:
6.2
(MEDIUM) |
|||||||||||
| References |
|
|||||||||||
| Problem type(s) | CWE-918 Server-Side Request Forgery (SSRF) | |||||||||||
| Date published | ||||||||||||
| Last modified | 10 Jul 2023 06:29 UTC |
Description
An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.
Solution(s)
Upgrade to the latest version of OSNEXUS QuantaStor.
JSON version.