Asesidaa

**Nome do Software Vulnerável e Versões Afetadas** versões não especificadas **Descrição** Usuários com permissões de webhook podem realizar Server-Side Request Forgery (SSRF) via webhooks. Caso tenham permissão para visualizar os logs do webhook, a resposta parcial da solicitação também é exposta. Isso permite contornar firewalls para interagir com serviços internos. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** EspoCRM versions prior to 8.0.5 **Description** The issue is related to a Server-Side Request Forgery (SSRF) vulnerability via the upload image from URL API. Users with access to the `/Attachment/fromImageUrl` endpoint can specify a URL to point to an internal host. Although there is a check for content type, it can be bypassed by redirects in some cases. This SSRF can be leveraged to disclose internal information, target internal hosts, and bypass firewalls. **Recommendations** For versions prior to 8.0.5, upgrade to release version 8.0.5 or later to address the vulnerability. As a temporary workaround, consider restricting access to the `/Attachment/fromImageUrl` endpoint until the issue is resolved. Additionally, be cautious when using the upload image from URL API to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Group-Office versions prior to 6.8.15 Group-Office versions prior to 6.7.54 Group-Office versions prior to 6.6.177 **Description** The issue is related to a full Server-Side Request Forgery (SSRF) vulnerability in the "/api/upload.php" endpoint. This endpoint does not filter URLs, allowing a malicious user to cause the server to make resource requests to untrusted domains. Protocols like "file://" can also be used to access the server disk. The request result can then be retrieved using "/api/download.php". **Recommendations** For versions prior to 6.8.15, upgrade to version 6.8.15 or later. For versions prior to 6.7.54, upgrade to version 6.7.54 or later. For versions prior to 6.6.177, upgrade to version 6.6.177 or later.

**Name of the Vulnerable Software and Affected Versions** FoodCoopShop versions prior to 3.6.1 **Description** The issue is related to server-side request forgery. In the Network module, a manufacturer account can use the "/api/updateProducts.json" endpoint to make the server send a request to an arbitrary host, allowing the server to be used as a proxy into the internal network. Additionally, there is a time of check time of use issue due to inadequate checks on valid images. This can be exploited by using a custom server that returns 200 on HEAD requests, then returns a valid image on the first GET request, and then a 302 redirect to the final target on the second GET request, making it a full SSRF. **Recommendations** For versions prior to 3.6.1, update to version 3.6.1 to fix the vulnerability. As a temporary workaround, consider restricting access to the "/api/updateProducts.json" endpoint in the Network module to minimize the risk of exploitation. Avoid using the `data[data][0][image]` parameter in the affected API endpoint until the issue is resolved.