Inflectra SpiraTeam Server-Side Request Forgery Vulnerability Allowing Privilege Escalation

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in Inflectra SpiraTeam version 7.2.00, specifically within the NewsReaderService. This vulnerability allows attackers to manipulate server requests, potentially leading to unauthorized access to sensitive information and privilege escalation.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive information and elevated privileges within the application.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.