Vulnerability in N/a

CVE-2020-24881

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.

EPSS: 0.913 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/osTicket/osTicket/commit/d98c2d096aeb8876c6ab2f88317cd371d781f14d (x_refsource_MISC)
blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-e… (x_refsource_MISC)
packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forger… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-24881?: CVE-2020-24881 is a vulnerability in N/a. Published 2020-11-02.
Is CVE-2020-24881 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.