SSRF in Rendertron
CVE-2020-8902

3.5LOW

Key Information:

Vendor: Google
Status: Rendertron
Vendor: CVE Published:; 23 February 2021

What is CVE-2020-8902?

Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are to upgrade your rendertron to version 3.0.0, or, if you cannot update, to secure the infrastructure to limit the headless chrome's access to your internal domain.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Rendertron stable < 3.0.0

References

https://github.com/GoogleChrome/rendertron/releases/tag/3...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 23, 2021
Vulnerability Reserved
Feb 12, 2020

Credit

N Suriya Prakash from Cyber Security and Privacy Foundation Pte Ltd

JSON

Google