TwoNav Link Identification Function Sensitive Information Disclosure Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in TwoNav version 2.1.18-20241105. This vulnerability allows remote attackers to access sensitive information through the link identification function. The issue arises because the application can be tricked into sending requests to internal resources, such as localhost.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information by allowing attackers to send requests to internal services or resources.

Reproduction

The vulnerability can be reproduced by using a tool like Burp Suite to intercept and modify requests sent to the link identification function. By directing the request to '127.0.0.1', the Burp Suite Collaborator can receive the request, demonstrating the SSRF vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
Spread: 0.0
Impact: 3.8
Exploitability: 8.7
Remediation: 0.0
Relevance: 0.0
Threat: 6.4
Urgency: 2.9
Incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.