{
  "threat_severity" : "Moderate",
  "public_date" : "2019-10-12T00:00:00Z",
  "bugzilla" : {
    "description" : "graphite-web: graphite.composer.views.send_email vulnerable to SSRF",
    "id" : "2001847",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2001847"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-918",
  "details" : [ "send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.", "A flaw was found in graphite-web. The send_email in the graphite-web/webapp/graphite/composer/views.py function is vulnerable to a Server-side request forgery (SSRF). This flaw allows an attacker to use the vulnerable SSRF endpoint to have the Graphite web server request any resource. An attacker can exfiltrate any information due to the response the SSRF request encodes into an image file sent to an email address supplied by the attacker." ],
  "statement" : "Graphite metrics / telemetry data does not contain any sensitive information and hence this flaw is rated as Moderate.",
  "package_state" : [ {
    "product_name" : "Red Hat Ceph Storage 2",
    "fix_state" : "Out of support scope",
    "package_name" : "graphite-web",
    "cpe" : "cpe:/a:redhat:ceph_storage:2"
  }, {
    "product_name" : "Red Hat Ceph Storage 3",
    "fix_state" : "Out of support scope",
    "package_name" : "graphite-web",
    "cpe" : "cpe:/a:redhat:ceph_storage:3"
  }, {
    "product_name" : "Red Hat Storage 3",
    "fix_state" : "Will not fix",
    "package_name" : "graphite-web",
    "cpe" : "cpe:/a:redhat:storage:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-18638\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18638\nhttps://github.com/graphite-project/graphite-web/security/advisories/GHSA-vfj6-275q-4pvm" ],
  "name" : "CVE-2017-18638",
  "csaw" : false
}