Dismissed
Permalink
CVE-2026-27023
5.0 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): NONE
- Availability impact (A): NONE
by @mweinelt Activity log
- Created automatic suggestion
-
@mweinelt
removed
8 packages
- gnome-2048
- wordpressPackages.themes.twentytwenty
- wordpressPackages.themes.twentynineteen
- wordpressPackages.themes.twentytwentyone
- wordpressPackages.themes.twentytwentytwo
- wordpressPackages.themes.twentytwentyfive
- wordpressPackages.themes.twentytwentyfour
- wordpressPackages.themes.twentytwentythree
- @mweinelt dismissed
Twenty: SSRF protection bypass via HTTP redirect following in secure HTTP client
Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs (e.g., webhook endpoints, image URLs) could bypass private IP blocking by redirecting through an attacker-controlled server. This issue has been patched in version 1.18.
References
- https://github.com/twentyhq/twenty/security/advisories/GHSA-wm7q-rvq3-x8q9 x_refsource_CONFIRM
- https://github.com/twentyhq/twenty/releases/tag/v1.18.0 x_refsource_MISC
Affected products
twenty
- ==< 1.18
Ignored packages (8)
pkgs.gnome-2048
Obtain the 2048 tile
pkgs.wordpressPackages.themes.twentytwenty
None
pkgs.wordpressPackages.themes.twentynineteen
None
pkgs.wordpressPackages.themes.twentytwentyone
None
pkgs.wordpressPackages.themes.twentytwentytwo
None