Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook 漏洞信息(CVE-2024-13838)

一、漏洞 CVE-2024-13838 基础信息

美国国家漏洞数据库 NVD

漏洞标题

Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook

来源：美国国家漏洞数据库 NVD

漏洞描述信息

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'call_webhook' method of the Automator_Send_Webhook class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

来源：美国国家漏洞数据库 NVD

CVSS信息

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

来源：美国国家漏洞数据库 NVD

漏洞类别

服务端请求伪造(SSRF)

来源：美国国家漏洞数据库 NVD

二、漏洞 CVE-2024-13838 的公开POC

#	POC 描述	源链接	神龙链接

一、 漏洞 CVE-2024-13838 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2024-13838 的公开POC

三、漏洞 CVE-2024-13838 的情报信息

一、漏洞 CVE-2024-13838 基础信息