The Subscriptions feature in Open-Xchange Server prior to 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an 127.0.0.1/ URL, related to a "Server-side request forging (SSRF)" issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
open-xchange open-xchange server 6.22.1 |
||
open-xchange open-xchange server 6.22.0 |
||
open-xchange open-xchange server 6.20.7 |