From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability ID: CVE-2024-6586
2. Release Date: 2024-08-30
3. Update Date: 2024-08-30
4. Description:
   - Lightdash version 0.1024.6 allows users with admin or editor privileges to create and share dashboards.
   - Dashboards contain HTML elements that point to sources controlled by threat actors. When exported, this triggers an SSRF request via a POST request to .
   - The user session token of the exporting user is included in the forged request.
   - Threat actors can obtain the session token of any user who exports a dashboard.
   - The obtained session token can be used to perform actions on behalf of the victim, leading to session hijacking.
5. CWE ID: CWE-201
6. Affected Versions:
   - From versions prior to 0.1024.6 up to 0.1027.2.
7. Reporter: Kenneth Chiong, Mandiant
8. References:
   - GitHub Security Research: https://github.com/google/security-research/security/advisories/ghsa-4h7x-6vxh-7hj
   - CVE Record: https://www.cve.org/CVERecord?id=CVE-2024-6586
   - Lightdash GitHub Repository: https://github.com/lightdash/lightdash
   - Lightdash Version 0.1027.2: https://github.com/lightdash/lightdash/releases/tag/0.1027.2
   - Lightdash Patch for Pull Request 9295: https://patch-diff.githubusercontent.com/raw/lightdash/lightdash/pull/9295.patch
   - Lightdash Pull Request 9295: https://github.com/lightdash/lightdash/pull/9295

This information provides a detailed description and scope of impact for the SSRF vulnerability in Lightdash version 0.1024.6.