PT-2024-28648 · Rocket.Chat · Rocket.Chat

Mokusou · Published 2024-08-05 · Updated 2025-12-31 · CVE-2024-39713

CVSS v3.1: 8.6 High
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 6.10.1
Description: A Server-Side Request Forgery (SSRF) vulnerability affects Rocket.Chat's Twilio webhook endpoint. SSRF occurs when an application can be induced to send a request to a destination of the attacker's choosing rather than the one the developer intended; because the request originates from the server, it can reach internal systems that are not exposed to the internet. Here the vulnerable component is the Twilio webhook endpoint, specifically its handling of inbound webhook requests: the webhook functionality can be manipulated so that an attacker controls the destination of the resulting server-side request, redirecting it and potentially exposing sensitive data. The CVSS vector records no privileges and no user interaction required. Approximately 1781 internet-exposed instances have been identified.
Recommendations: Update any Rocket.Chat version prior to 6.10.1 to version 6.10.1 or later. Until the update is applied, limiting the outbound network access of the Rocket.Chat host to the destinations it legitimately needs reduces what an SSRF can reach.
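To make the bug class concrete, the following is an added example in JavaScript (Rocket.Chat's own language); it is not Rocket.Chat's code and not the fix shipped in 6.10.1. It shows the generic vulnerable pattern, a webhook handler fetching whatever URL the inbound body carries, beside a check that allowlists the expected host, resolves it, and rejects any answer in an internal address range, including IPv6 and IPv4-mapped forms. The function and constant names, the api.twilio.com allowlist, the injected resolver and the DNS lookup table are all assumptions made for the example.

```javascript
// Added example, not Rocket.Chat code: deciding whether a server may fetch a
// URL that arrived in an inbound webhook body. All names are hypothetical.

// Assumption for the example: the only hosts this webhook should fetch from.
const ALLOWED_MEDIA_HOSTS = new Set(['api.twilio.com']);

// The vulnerable pattern: the sender of the webhook picks the destination.
const naiveTarget = (rawUrl) => new URL(rawUrl).href;

// Dotted-quad IPv4 string -> unsigned 32-bit number, or null if malformed.
function parseIPv4(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((x) => x > 255)) return null;
  return ((o[0] << 24) >>> 0) + (o[1] << 16) + (o[2] << 8) + o[3];
}

// IPv4 ranges a webhook-driven fetch must never reach: "this" network, RFC 1918,
// CGNAT, loopback, link-local (cloud metadata lives here), multicast, reserved.
const IPV4_INTERNAL = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8], ['169.254.0.0', 16],
  ['172.16.0.0', 12], ['192.168.0.0', 16], ['224.0.0.0', 4], ['240.0.0.0', 4],
].map(([net, bits]) => [parseIPv4(net), bits]);

function ipv4IsInternal(n) {
  return IPV4_INTERNAL.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((net & mask) >>> 0);
  });
}

// IPv6 literal -> eight 16-bit groups, or null if malformed. Handles "::"
// compression and an embedded IPv4 tail such as ::ffff:10.0.0.8.
function expandIPv6(s) {
  const halves = s.toLowerCase().split('::');
  if (halves.length > 2) return null;
  const toGroups = (chunk) => {
    const out = [];
    if (chunk === '') return out;
    for (const g of chunk.split(':')) {
      const v4 = g.includes('.') ? parseIPv4(g) : null;   // embedded IPv4 -> two groups
      if (v4 !== null) out.push(v4 >>> 16, v4 & 0xffff);
      else if (/^[0-9a-f]{1,4}$/.test(g)) out.push(parseInt(g, 16));
      else return null;
    }
    return out;
  };
  const head = toGroups(halves[0]);
  const tail = halves.length === 2 ? toGroups(halves[1]) : [];
  if (head === null || tail === null) return null;
  const missing = 8 - head.length - tail.length;
  if (missing < 0 || (halves.length === 1 && missing !== 0)) return null;
  return [...head, ...new Array(missing).fill(0), ...tail];
}

function ipv6IsInternal(g) {
  if (g.slice(0, 7).every((x) => x === 0)) return g[7] <= 1;         // :: and ::1
  if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) {       // ::ffff:a.b.c.d
    return ipv4IsInternal(((g[6] << 16) >>> 0) + g[7]);
  }
  return (g[0] & 0xfe00) === 0xfc00      // fc00::/7 unique local
      || (g[0] & 0xffc0) === 0xfe80      // fe80::/10 link-local
      || (g[0] & 0xff00) === 0xff00;     // ff00::/8 multicast
}

// Anything that is not a recognisable public address is treated as unsafe.
function isInternalAddress(addr) {
  const v4 = parseIPv4(addr);
  if (v4 !== null) return ipv4IsInternal(v4);
  const v6 = expandIPv6(addr);
  return v6 === null ? true : ipv6IsInternal(v6);
}

// `resolve(hostname)` is an injected DNS lookup returning the address strings the
// host resolves to; injecting it keeps the example offline and lets the caller
// pin the real connection to the address that was validated.
function checkWebhookUrl(rawUrl, resolve, allowedHosts = ALLOWED_MEDIA_HOSTS) {
  let url;
  try { url = new URL(String(rawUrl)); } catch { return { ok: false, reason: 'unparseable' }; }
  if (url.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  if (url.username || url.password) return { ok: false, reason: 'credentials' };
  if (!allowedHosts.has(url.hostname)) return { ok: false, reason: 'host' };
  const addresses = resolve(url.hostname) || [];
  if (addresses.length === 0) return { ok: false, reason: 'unresolvable' };
  // Every answer must pass: one public plus one internal address is a rebinding
  // or split-horizon trick, not a coincidence.
  if (addresses.some(isInternalAddress)) return { ok: false, reason: 'internal' };
  return { ok: true, host: url.hostname, address: addresses[0], port: url.port || '443', url: url.href };
}

// Constructed lookup table standing in for DNS (203.0.113.0/24 is TEST-NET-3).
const EXAMPLE_DNS = { 'api.twilio.com': ['203.0.113.10'], 'split.example': ['203.0.113.5', '10.0.0.8'] };
const exampleResolve = (host) => EXAMPLE_DNS[host] || [];

console.log(checkWebhookUrl('http://169.254.169.254/latest/meta-data/', exampleResolve));
```

The caller of `checkWebhookUrl` should open the connection to the returned `address` rather than resolving the hostname a second time, send `host` as the Host header and TLS SNI, and must not let the HTTP client follow redirects automatically, since each redirect target needs the same check. The address classification goes beyond the single case in the advisory on purpose: IPv6 loopback, unique-local and link-local ranges and IPv4-mapped addresses are the usual ways a deny-list keyed on dotted-quad strings gets bypassed.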

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2024-39713
GHSA-FFXG-5F8M-H72J

Affected Products

Rocket.Chat