Bug 1154007 - (CVE-2017-18638) VUL-0: CVE-2017-18638: graphite-web: SSRF vulnerability in send_email in graphite-web/webapp/graphite/composer/views.py
(CVE-2017-18638)
VUL-0: CVE-2017-18638: graphite-web: SSRF vulnerability in send_email in grap...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/244808/
CVSSv3:SUSE:CVE-2017-18638:5.9:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-10-15 07:27 UTC by Alexander Bergmann
Modified: 2019-11-02 19:06 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2019-10-15 07:27:49 UTC
CVE-2017-18638

send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through
1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an
attacker to have the Graphite web server request any resource. The response to
this SSRF request is encoded into an image file and then sent to an e-mail
address that can be supplied by the attacker. Thus, an attacker can exfiltrate
any information.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18638
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18638.html
http://www.cvedetails.com/cve/CVE-2017-18638/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18638
https://github.com/graphite-project/graphite-web/security/advisories/GHSA-vfj6-275q-4pvm
https://www.youtube.com/watch?v=ds4Gp4xoaeA
https://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html#second-bug-internal-graphite-ssrf
https://github.com/graphite-project/graphite-web/issues/2008
https://github.com/graphite-project/graphite-web/pull/2499
Comment 2 Swamp Workflow Management 2019-10-29 14:17:12 UTC
SUSE-SU-2019:2803-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1154007
CVE References: CVE-2017-18638
Sources used:
SUSE Enterprise Storage 4 (src):    graphite-web-0.9.12-5.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 3 Marcus Meissner 2019-11-02 19:06:20 UTC
done