CVE-2017-18638

NameCVE-2017-18638
Descriptionsend_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1962-1
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
graphite-web (PTS)jessie0.9.12+debian-6vulnerable
jessie (security)0.9.12+debian-6+deb8u1fixed
buster1.1.4-3+deb10u1fixed
bullseye, sid1.1.4-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
graphite-websource(unstable)1.1.4-5
graphite-websourcebuster1.1.4-3+deb10u1
graphite-websourcejessie0.9.12+debian-6+deb8u1DLA-1962-1

Notes

https://github.com/graphite-project/graphite-web/issues/2008
https://github.com/graphite-project/graphite-web/pull/2499
https://github.com/graphite-project/graphite-web/security/advisories/GHSA-vfj6-275q-4pvm

Search for package or bug name: Reporting problems