Server-Side Request Forgery (SSRF) in Table from CSV macro (Table Filter and Charts for Confluence Server) - CVE-2020-24898
Description
Affected versions of Table Filter and Charts for Confluence Server allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the Table from CSV macro, which can be exploited by providing a URL in the CSV URL parameter.
Conditions: the CSV source parameter is set to URL and a malicious URL is set in the CSV URL parameter.
When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource that provides access credentials and other potentially confidential information.
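A destination check that a server-side CSV fetcher could apply to a user-supplied URL before requesting it, shown here as an added example (it is not code from the app or from its fix). The function names, the block policy and the constructed DNS table are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Constructed DNS answers so the example runs offline (not real records).
CONSTRUCTED_DNS = {
    "reports.example.com": ["93.184.216.34"],
    "wiki-db.corp.example": ["10.20.0.15"],
    "mixed.example.com": ["93.184.216.34", "169.254.169.254"],
}

def fake_resolver(host):
    """Stand-in for DNS: IP literals pass through, names use the table."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return CONSTRUCTED_DNS.get(host, [])

def os_resolver(host):
    """Production resolver: every address the OS returns for the host."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def is_internal(addr):
    """True for addresses a server-side fetch should never reach."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge the embedded IPv4 address
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)

def check_csv_url(url, resolver=os_resolver):
    """Return (allowed, reason) for a user-supplied CSV URL."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "no host"
    try:
        addrs = resolver(parts.hostname)
    except OSError:
        addrs = []
    if not addrs:
        return False, "host does not resolve"
    # Reject if ANY answer is internal, e.g. the link-local metadata address.
    internal = [a for a in addrs if is_internal(a)]
    if internal:
        return False, "internal address: " + ", ".join(internal)
    return True, "ok"
```

A real fetcher also has to connect to the address that passed the check and repeat the check on every redirect, since the name may resolve differently at fetch time.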
CVSS 3.1 Score
7.6 (High). This is an independent assessment and you should evaluate its applicability to your own IT environment.