CVE-2020-24881

Critical

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.

mitre·CWE-918·Published 2020-11-02

CVSS

9.8

EPSS

0.73

KEV

Exploits

cve.orgen

115 chars

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.

NVDen

115 chars

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.

NVDes

189 chars

Una vulnerabilidad de tipo SSRF se presenta en osTicket versiones anteriores a 1.14.3, donde un atacante puede agregar un archivo malicioso al servidor o llevar a cabo un escaneo de puertos

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H