CVE-2017-18638

Published: 11 October 2019

send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.

From the Ubuntu Security Team

It was discovered that Graphite insecurely handled certain crafted input on the send_email functionality. A remote attacker could possibly use this issue to exfiltrate sensitive information, resulting in a SSRF attack.

Priority

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package	Release	Status
graphite-web Launchpad, Ubuntu, Debian	impish	Not vulnerable (1.1.4-5)
	bionic	Released (1.0.2+debian-2ubuntu0.1~esm1) Available with Ubuntu Pro
	hirsute	Not vulnerable (1.1.4-5)
	xenial	Released (0.9.15+debian-1ubuntu0.1~esm1) Available with Ubuntu Pro
	trusty	Released (0.9.12+debian-3ubuntu0.1~esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	lunar	Not vulnerable (1.1.4-5)
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Not vulnerable (1.1.4-5)
	groovy	Not vulnerable (1.1.4-5)
	jammy	Not vulnerable (1.1.4-5)
	kinetic	Not vulnerable (1.1.4-5)
	upstream	Needed

Severity score breakdown

Parameter	Value
Base score	7.5
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	None
Availability impact	None
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›