Server-Side Request Forgery (SSRF) in WordPress - CVE-2019-17670
Published: March 25, 2020
Vulnerability identifier: #VU26385
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-17670
CWE-ID: CWE-918
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: WordPress.ORG
Affected software:
WordPress
WordPress
Detailed vulnerability description
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of relative paths on Windows system. A remote attacker can send a specially crafted HTTP request to the website and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, but requires that WordPress in deployed on Windows system.
How to mitigate CVE-2019-17670
Install updates from vendor's website.
Sources
- https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
- https://core.trac.wordpress.org/changeset/46472
- https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
- https://lists.debian.org/debian-lts-announce/2019/11/msg00000.html
- https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
- https://wpvulndb.com/vulnerabilities/9912