Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2020-28463: SUSE Linux Security Advisory

Back to Search

SUSE: CVE-2020-28463: SUSE Linux Security Advisory

Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
02/18/2021
Created
08/12/2021
Added
08/10/2021
Modified
09/24/2021

Description

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF

Solution(s)

  • suse-upgrade-python-reportlab-debuginfo
  • suse-upgrade-python-reportlab-debugsource
  • suse-upgrade-python2-reportlab
  • suse-upgrade-python2-reportlab-debuginfo
  • suse-upgrade-python3-reportlab
  • suse-upgrade-python3-reportlab-debuginfo

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;