An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF.
References
Link | Resource |
---|---|
https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md | Third Party Advisory |
https://www.themissinglink.com.au/ | Third Party Advisory |
https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md | Third Party Advisory |
https://www.themissinglink.com.au/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md - Third Party Advisory | |
References | () https://www.themissinglink.com.au/ - Third Party Advisory |
27 Oct 2021, 20:24
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CWE | CWE-918 | |
CPE | cpe:2.3:a:alfresco:alfresco_content_services:*:*:*:*:*:*:*:* cpe:2.3:a:alfresco:alfresco_transform_services:*:*:*:*:*:*:*:* |
|
References | (MISC) https://www.themissinglink.com.au/ - Third Party Advisory | |
References | (MISC) https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md - Third Party Advisory |
21 Oct 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-10-21 09:15
Updated : 2024-11-21 06:26
NVD link : CVE-2021-41792
Mitre link : CVE-2021-41792
CVE.ORG link : CVE-2021-41792
JSON object : View
Products Affected
alfresco
- alfresco_content_services
- alfresco_transform_services
CWE
CWE-918
Server-Side Request Forgery (SSRF)