Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-46746: SSRF vulnerability for logged in users

PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host. A server-side request forgery (SSRF), which can only be exploited by authenticated users, was found in Posthog. Posthog did not verify whether a URL was local when enabling webhooks, allowing authenticated users to forge a POST request. This vulnerability has been addressed in 22bd5942 and will be included in subsequent releases. There are no known workarounds for this vulnerability.

CVE
Open in Source
#vulnerability#web#git#ssrf#auth#docker

Skip to content

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
  • Pricing

Additional navigation options

Package

No package listed

Affected versions

<=1.43.1

Patched versions

From commit 22bd5942638d5d9bc4bd603a9bfe8f8a95572292

Description

Impact

A server-side request forgery (SSRF), which can only be exploited by authenticated users, was found in Posthog. We did not verify whether a URL was local when enabling webhooks, allowing authenticated users to forge a POST request.

Patches

Users can upgrade to the latest available Docker image

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE