Vulnerability Description
A Server-Side Request Forgery (SSRF) vulnerability exists in the app install process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. This could bypass access controls, such as firewalls, that prevent the attacker from accessing the URLs directly.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sandstorm | Sandstorm | < 0.203 |
Related Weaknesses (CWE)
References
- https://devco.re/blog/2018/01/26/Sandstorm-Security-Review-CVE-2017-6200-en/ (Exploit, Third Party Advisory)
- https://github.com/sandstorm-io/sandstorm/commit/164997fb958effbc90c5328c1667062 (Patch, Third Party Advisory)
- https://sandstorm.io/news/2017-03-02-security-review (Vendor Advisory)
FAQ
What is CVE-2017-6201?
CVE-2017-6201 is a vulnerability with a CVSS score of 8.1 (HIGH). A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access contr...
How severe is CVE-2017-6201?
CVE-2017-6201 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-6201?
Check the references section above for vendor advisories and patch information. Affected products include: Sandstorm Sandstorm.