Jetpack alerting on security vuln
-
wrote on Apr 19, 2023, 3:30 PM last edited by
Jetpack is warning me about this - do I need to worry about it? I moved from a different host (back) to cloudron and don't recall seeing this before
-
That's quite an abstract threat message
Can't say I understand it. @ianhyzy Can you post the link in the screenshot? (The technical details link)wrote on Apr 19, 2023, 4:00 PM last edited by ianhyzy Apr 19, 2023, 4:01 PM -
@ianhyzy I think that link is saying that there is no known fix. https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/ says similar. Looks like quite a recent report.
-
@ianhyzy I think that link is saying that there is no known fix. https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/ says similar. Looks like quite a recent report.
wrote on Apr 19, 2023, 8:44 PM last edited by@girish said in Jetpack alerting on security vuln:
@ianhyzy I think that link is saying that there is no known fix. https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/ says similar. Looks like quite a recent report.
also seems to say this issue by itself isn't much to worry about
We couldn't generically identify ways to leverage this behavior to take over vulnerable instances without relying on other vulnerable services.
and
We've audited the code in the hope of finding parser differential bugs that would allow reaching unintended ports or performing POST requests without success: the initial URL validation steps are restrictive enough to prevent their exploitation. As mentioned earlier, attackers would have to chain this behavior with another vulnerability to impact the targeted organization's security significantly.
-
wrote on Apr 21, 2023, 5:08 PM last edited by
thanks, should have read that more clearly - will just ignore it!