CVE-2023-46730

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-46730
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46730.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-46730
Aliases
  • GHSA-vw6c-h82w-mvfv
Published
2023-11-07T17:35:36.332Z
Modified
2025-12-05T00:09:27.813554Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Summary
Server-Side Request Forgery in groupoffice
Details

Group-Office is an enterprise CRM and groupware tool. In affected versions there is a full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The endpoint does not filter URLs, which allows a malicious user to cause the server to make resource requests to untrusted domains. Note that protocols like file:// can also be used to access the server disk. The request result (on success) can then be retrieved using /api/download.php. This issue has been addressed in versions 6.8.15, 6.7.54, and 6.6.177. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-918"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/46xxx/CVE-2023-46730.json"
}
References

Affected packages

Git / github.com/intermesh/groupoffice

Affected ranges

Type
GIT
Repo
https://github.com/intermesh/groupoffice
Events

Affected versions

v6.*

v6.6.131
v6.6.132
v6.6.133
v6.6.134
v6.6.135
v6.6.136
v6.6.137
v6.6.138
v6.6.139
v6.6.140
v6.6.141
v6.6.142
v6.6.143
v6.6.144
v6.6.145
v6.6.146
v6.6.147
v6.6.148
v6.6.149
v6.6.150
v6.6.151
v6.6.152
v6.6.153
v6.6.154
v6.6.155
v6.6.156
v6.6.157
v6.6.158
v6.6.159
v6.6.160
v6.6.161
v6.6.162
v6.6.163
v6.6.164
v6.6.165
v6.6.166
v6.6.167
v6.6.168
v6.6.169
v6.6.170
v6.6.171
v6.6.172
v6.6.173
v6.6.174
v6.6.175
v6.6.176
v6.7.0
v6.7.1
v6.7.10
v6.7.11
v6.7.12
v6.7.13
v6.7.14
v6.7.15
v6.7.16
v6.7.17
v6.7.18
v6.7.19
v6.7.2
v6.7.20
v6.7.22
v6.7.23
v6.7.24
v6.7.25
v6.7.26
v6.7.27
v6.7.28
v6.7.29
v6.7.3
v6.7.30
v6.7.31
v6.7.32
v6.7.33
v6.7.34
v6.7.35
v6.7.36
v6.7.37
v6.7.38
v6.7.39
v6.7.40
v6.7.41
v6.7.42
v6.7.43
v6.7.45
v6.7.46
v6.7.47
v6.7.48
v6.7.49
v6.7.5
v6.7.50
v6.7.51
v6.7.52
v6.7.53
v6.7.6
v6.7.7
v6.7.8
v6.7.9