Server-Side Request Forgery (SSRF) in Table from CSV macro (Table Filter and Charts for Confluence Server) - CVE-2020-24898

Description

Affected versions of Table Filter and Charts for Confluence Server allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the Table from CSV macro, which could be exploited by providing a URL in the CSV URL parameter.
Conditions: the CSV source parameter is set to URL and a malicious URL is set in the CSV URL parameter.
When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource that provides access credentials and other potentially confidential information.
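
A server-side check of the kind that closes this class of flaw, shown as an added example in Python; it is not StiltSoft's code or the actual fix. The helper names check_csv_url and resolve_host, the host names and the sample URLs are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def resolve_host(host):
    """Return every address the system resolver gives for host."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_csv_url(url, resolver=resolve_host):
    """Return (allowed, reason) for a user-supplied CSV URL (hypothetical helper)."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "URL has no host"
    try:
        addresses = [ipaddress.ip_address(host)]  # IP literal, no lookup needed
    except ValueError:
        try:
            addresses = [ipaddress.ip_address(a) for a in resolver(host)]
        except (OSError, ValueError):
            return False, "host does not resolve"
    if not addresses:
        return False, "host does not resolve"
    for ip in addresses:
        # Unwrap ::ffff:a.b.c.d so a mapped internal IPv4 address is judged as IPv4.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        # is_global is False for loopback, RFC 1918, link-local (169.254.0.0/16,
        # which holds the EC2 metadata address) and other reserved ranges.
        if not ip.is_global:
            return False, f"{ip} is not a public address"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs; the resolver is stubbed so this runs offline.
    stub = {"intranet.example": ["10.0.0.5"], "files.example": ["93.184.216.34"]}
    for u in ("http://169.254.169.254/data.csv", "file:///tmp/data.csv",
              "http://intranet.example/data.csv", "https://files.example/data.csv"):
        print(u, check_csv_url(u, resolver=lambda h: stub[h]))
```

The check has to be repeated for every redirect hop, and the fetch should connect to the address that was validated, since a second DNS lookup can return a different answer.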

Done

Assignee

Andrey Khaneev

Reporter

Dmitry Zagorovsky [StiltSoft]

CVSS 3.1 Score

7.6 (High). This is an independent assessment and you should evaluate its applicability to your own IT environment.