CVE-2020-24815
 
Public Exploits: 2
Exploited in Wild: -
Descriptions
A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. NOTE: for 10.4, no fix will be released, as the version will reach end-of-life on 31/12/2020.
Timeline
- 2020-08-28 CVE Reserved
- 2020-11-24 CVE Published
- 2023-03-30 First Exploit
- 2024-03-29 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
References (4)
URL | Date | SRC |
---|---|---|
https://github.com/darkvirus-7x/exploit-CVE-2020-24815 | 2023-03-30 | |
https://triskelelabs.com/extracting-your-aws-access-keys-through-a-pdf-file | 2024-08-04 | |
http://microstrategy.com | 2020-12-02 | |
https://community.microstrategy.com/s/article/Securing-PDF-and-Excel-Export-with-Whitelists?language=en_US | 2020-12-02 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Microstrategy | Microstrategy | 10.4 | - | Affected |
Microstrategy | Microstrategy | 2019 | update1 | Affected |
Microstrategy | Microstrategy | 2019 | update2 | Affected |
Microstrategy | Microstrategy | 2019 | update3 | Affected |
Microstrategy | Microstrategy | 2019 | update4 | Affected |
Microstrategy | Microstrategy | 2019 | update5 | Affected |
Microstrategy | Microstrategy | 2020 | update1 | Affected |