CVE-2021-32698
6.8
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Summary
eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| elabftw | elabftw | < 4.0.0 | affected |
Weaknesses
- CWE-918: CWE-918: Server-Side Request Forgery (SSRF)
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/elabftw/elabftw/security/advisories/GHSA-mh6g-62p8-26m4
- https://github.com/elabftw/elabftw/commit/3d2db4d3ad90b0915f29f05aeba41eaaf6a7c726
References
- https://github.com/elabftw/elabftw/security/advisories/GHSA-mh6g-62p8-26m4
- https://github.com/elabftw/elabftw/commit/3d2db4d3ad90b0915f29f05aeba41eaaf6a7c726
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.