Vulnerability Details : CVE-2020-14044
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors."
Vulnerability categories: Server-side request forgery (SSRF); Execute code
Products affected by CVE-2020-14044
- cpe:2.3:a:codiad:codiad:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-14044
5.23% (probability of exploitation activity in the next 30 days)
EPSS Score History
~93% percentile (the proportion of vulnerabilities that are scored at or below this)
CVSS scores for CVE-2020-14044
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | |
CWE ids for CVE-2020-14044
- The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-14044
- https://advisory.checkmarx.net/advisory/CX-2020-4280 (Checkmarx Advisory | CX-2020-4280 / Codiad SSRF when installing a plugin) [Exploit; Third Party Advisory]
- https://github.com/Codiad/Codiad/blob/master/README.md (Codiad/README.md at master · Codiad/Codiad · GitHub) [Third Party Advisory]
- https://github.com/Codiad/Codiad/issues/1122 (Multiple vulnerabilities that can result in RCE · Issue #1122 · Codiad/Codiad · GitHub) [Exploit; Third Party Advisory]