CVE-2024-48590 PoC — Inflectra SpiraTeam 安全漏洞

Source

https://github.com/GCatt-AS/CVE-2024-48590

Associated Vulnerability

Title:Inflectra SpiraTeam 安全漏洞 (CVE-2024-48590)
Description:Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the NewsReaderService. This allows an attacker to escalate privileges and obtain sensitive information.

Readme

# CVE-2024-48590

# Vulnerability Disclosure: SSRF in Inflectra SpiraTeam 7.2.00

## Description
Inflectra SpiraTeam version 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) through the NewsReaderService component.

## Vulnerability Type
Server-Side Request Forgery (SSRF)

## Vendor
Inflectra

## Affected Product
SpiraTeam 7.2.00

## Affected Component
NewsReaderService

## Attack Type
Remote

## Impacts
- **Escalation of Privileges**: Allows attackers to potentially gain higher access levels.
- **Information Disclosure**: Exposes sensitive data from the host system.

## Attack Vectors
An attacker can send specially crafted requests to the NewsReaderService, prompting the server to make unintended requests. This can lead to the capture of authentication hashes from the host where SpiraTeam is installed.

## References
- [OWASP: Server-Side Request Forgery](https://owasp.org/www-community/attacks/Server_Side_Request_Forgery)

## Vendor Acknowledgment
Inflectra has confirmed the existence of this vulnerability.

## Discoverer
Gareth Catterall

## Note
Users of SpiraTeam 7.2.00 are encouraged update to the latest version of the product.

File Snapshot


 [4.0K]  /data/pocs/f9b6df68852411276dc066e5ac3584dc709013df
└── [1.1K]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!