Candidate: CVE-2017-18638
PublicDate: 2019-10-11 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18638
 https://github.com/graphite-project/graphite-web/issues/2008
 https://github.com/graphite-project/graphite-web/pull/2499
 https://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html#second-bug-internal-graphite-ssrf
 https://github.com/graphite-project/graphite-web/security/advisories/GHSA-vfj6-275q-4pvm
 https://www.youtube.com/watch?v=ds4Gp4xoaeA
Description:
 send_email in graphite-web/webapp/graphite/composer/views.py in Graphite
 through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be
 used by an attacker to have the Graphite web server request any resource.
 The response to this SSRF request is encoded into an image file and then
 sent to an e-mail address that can be supplied by the attacker. Thus, an
 attacker can exfiltrate any information.
Ubuntu-Description:
 It was discovered that Graphite insecurely handled certain crafted input 
 on the send_email functionality. A remote attacker could possibly use
 this issue to exfiltrate sensitive information, resulting in a SSRF 
 attack.
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_graphite-web:
upstream_graphite-web: needed
precise/esm_graphite-web: DNE
trusty_graphite-web: ignored (out of standard support)
trusty/esm_graphite-web: DNE
xenial_graphite-web: ignored (end of standard support, was needed)
bionic_graphite-web: needed
disco_graphite-web: ignored (reached end-of-life)
eoan_graphite-web: ignored (reached end-of-life)
focal_graphite-web: not-affected (1.1.4-5)
groovy_graphite-web: not-affected (1.1.4-5)
hirsute_graphite-web: not-affected (1.1.4-5)
impish_graphite-web: not-affected (1.1.4-5)
jammy_graphite-web: not-affected (1.1.4-5)
devel_graphite-web: not-affected (1.1.4-5)