CVE-2024-52602

MEDIUM Year: 2024
CVSS v3 Score
5.0
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrade. Restricting which hosts MMR is allowed to contact via (local) firewall rules or a transparent proxy and may provide a workaround for users unable to upgrade.

Related Vulnerabilities

CVE-2018-20497

MEDIUM
CVSS:5.0(Medium)

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.

CWE-9182018

CVE-2019-1679

MEDIUM
CVSS:5.0(Medium)

A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote att...

CWE-9182019

CVE-2020-12644

MEDIUM
CVSS:5.0(Medium)

OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.

CWE-9182020

CVE-2020-15002

MEDIUM
CVSS:5.0(Medium)

OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API.

CWE-9182020

CVE-2020-36232

MEDIUM
CVSS:5.0(Medium)

The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5...

CWE-9182020