1.0.21
CVE-2024-7743 is a critical server-side request forgery (SSRF) vulnerability discovered in ltcms version 1.0.20. This flaw allows attackers to manipulate internal resources and potentially gain unauthorized access through the /api/file/downloadUrl endpoint. The vulnerability impacts ltcms versions 1.0.20–1.0.20 and has been addressed in version 1.0.21. Public exploitation details are available.
The SSRF vulnerability in ltcms allows an attacker to craft malicious requests through the /api/file/downloadUrl endpoint, leveraging the 'file' parameter. By manipulating this parameter, an attacker can trick the server into making requests to internal resources or external systems that it shouldn't normally access. This could lead to exposure of sensitive internal data, unauthorized access to internal services, or even potential for remote code execution if the server interacts with vulnerable internal components. The potential blast radius extends to any internal resources accessible by the ltcms server, making this a significant security risk.
This vulnerability has been publicly disclosed, and a proof-of-concept may be available. The vendor was contacted but did not respond. The exploit's public availability increases the risk of exploitation. It is not currently listed on CISA KEV as of this writing, but its public nature warrants close monitoring. The CVSS score of 7.3 (HIGH) reflects the potential impact and ease of exploitation.
Exploit Status
EPSS
0.20% (42% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-7743 is to upgrade ltcms to version 1.0.21 or later, which includes the fix for this SSRF vulnerability. If upgrading immediately is not feasible, consider implementing temporary workarounds such as restricting outbound network access from the ltcms server to only necessary destinations. Implementing a Web Application Firewall (WAF) with rules to filter requests containing suspicious URLs or patterns in the 'file' parameter can also provide an additional layer of defense. Monitor the /api/file/downloadUrl endpoint for unusual activity and implement strict input validation to prevent malicious file paths. After upgrade, confirm by attempting to access the /api/file/downloadUrl endpoint with a known malicious file path and verifying that the request is blocked or handled safely.
Update to a patched version if available. Otherwise, implement robust validation and sanitization on the 'file' input of the /api/file/downloadUrl endpoint to prevent URL manipulation and avoid requests to unauthorized servers. Consider implementing a whitelist of allowed domains for requests.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-7743 is a critical SSRF vulnerability in ltcms versions 1.0.20–1.0.20, allowing attackers to trigger server-side request forgery via the /api/file/downloadUrl endpoint.
If you are running ltcms version 1.0.20, you are affected by this vulnerability and should upgrade immediately.
Upgrade ltcms to version 1.0.21 or later to resolve the SSRF vulnerability. Consider temporary workarounds like WAF rules and restricting outbound network access if immediate upgrade is not possible.
The vulnerability has been publicly disclosed, and a proof-of-concept may be available, increasing the risk of exploitation.
Due to the vendor's lack of response, a formal advisory may not be available. Monitor security news sources and vulnerability databases for updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.