summary

Server Side Request Forgery(SSRF) in Table from CSV macro (Table Filter and Charts for Confluence Server) - CVE-2020-24898

Description

Affected versions of Table Filter and Charts for Confluence Server allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in Table from CSV macro which could be exploited by providing URL in the CSV URL parameter.
Conditions: CSV source parameter is set to URL and a malicious URL is set in the CSV URL parameter.
When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information.

Done

Assignee

Andrey Khaneev

Reporter

Dmitry Zagorovsky [StiltSoft]

CVSS 3.1 Score

7.6 (High) (!) This is an independent assessment and you should evaluate its applicability to your own IT environment.

CVSS Calculator

https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Fix versions

5.3.26 (Table Filter and Charts for Confluence Server)

Components

Table Filter and Charts for Confluence Server

Configure