CVE-2020-24881 Vulnerability Analysis & Exploit Details

Status: Analyzed - Last modified: 30 Jan 2021, 02:29 UTC Published: 02 Nov 2020, 21:15 UTC

CVE-2020-24881
Vulnerability Scoring

9.8
/10

Attack Complexity Details

  • Attack Complexity: Low Impact
  • Attack Vector: NETWORK
  • Privileges Required: None
  • Scope: UNCHANGED
  • User Interaction: NONE

CIA Impact Definition

  • Confidentiality: HIGH IMPACT
  • Integrity: HIGH IMPACT
  • Availability: HIGH IMPACT

CVE-2020-24881 Vulnerability Summary

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.

Access Complexity Graph

Above is the Access Complexity Graph for CVE-2020-24881. It helps visualize the difficulty level and privilege requirements needed to exploit this vulnerability, providing a quick assessment of its exploitation feasibility.

CVSS Score Breakdown Chart

Above is the CVSS Sub-score Breakdown for CVE-2020-24881, illustrating how Base, Impact, and Exploitability factors combine to form the overall severity rating. A higher sub-score typically indicates a more severe or easier-to-exploit vulnerability.

Impact Analysis

Below is the Impact Analysis for CVE-2020-24881, showing how Confidentiality, Integrity, and Availability might be affected if the vulnerability is exploited. Higher values usually signal greater potential damage.

Exploit Prediction Scoring System (EPSS)

The EPSS score estimates the probability that this vulnerability will be exploited in the near future.

EPSS Score: 94.447% (probability of exploit)

EPSS Percentile: 99.42% (lower percentile = lower relative risk)
This vulnerability is less risky than approximately 0.5799999999999983% of others.

CVE-2020-24881 Detailed Information and External References

References

CWE

CWE-918

CAPEC

  • Server Side Request Forgery CAPEC-664 An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.

Vulnerable Configurations

  • cpe:2.3:a:osticket:osticket:-:*:*:*:*:*:*:*
    cpe:2.3:a:osticket:osticket:-:*:*:*:*:*:*:*
  • cpe:2.3:a:osticket:osticket:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:osticket:osticket:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:osticket:osticket:1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:osticket:osticket:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:osticket:osticket:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:osticket:osticket:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:osticket:osticket:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:osticket:osticket:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:osticket:osticket:1.6:rc1:*:*:*:*:*:*
    cpe:2.3:a:osticket:osticket:1.6:rc1:*:*:*:*:*:*
  • cpe:2.3:a:osticket:osticket:1.6:rc2:*:*:*:*:*:*
    cpe:2.3:a:osticket:osticket:1.6:rc2:*:*:*:*:*:*
  • cpe:2.3:a:osticket:osticket:1.6:rc3:*:*:*:*:*:*
    cpe:2.3:a:osticket:osticket:1.6:rc3:*:*:*:*:*:*
  • cpe:2.3:a:osticket:osticket:1.6:rc4:*:*:*:*:*:*
    cpe:2.3:a:osticket:osticket:1.6:rc4:*:*:*:*:*:*
  • cpe:2.3:a:osticket:osticket:1.6:rc5:*:*:*:*:*:*
    cpe:2.3:a:osticket:osticket:1.6:rc5:*:*:*:*:*:*
  • cpe:2.3:a:osticket:osticket:1.8.1:developer_preview:*:*:*:*:*:*
    cpe:2.3:a:osticket:osticket:1.8.1:developer_preview:*:*:*:*:*:*
  • cpe:2.3:a:osticket:osticket:1.10.4:*:*:*:*:*:*:*
    cpe:2.3:a:osticket:osticket:1.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:osticket:osticket:1.10.7:*:*:*:*:*:*:*
    cpe:2.3:a:osticket:osticket:1.10.7:*:*:*:*:*:*:*
  • cpe:2.3:a:osticket:osticket:1.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:osticket:osticket:1.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:osticket:osticket:1.12.2:*:*:*:*:*:*:*
    cpe:2.3:a:osticket:osticket:1.12.2:*:*:*:*:*:*:*

CVSS3 Source

nvd@nist.gov

CVSS3 Type

Primary

CVSS3 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Protect Your Infrastructure: Combat Critical CVE Threats

Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Join the top cybersecurity professionals safeguarding today's infrastructures.

Other Recently Published CVEs

  • CVE-2025-25054 – Movable Type contains a reflected cross-site scripting vulnerability in the user information edit page. When Multi-Factor authentication plugin is ...
  • CVE-2025-24841 – Movable Type contains a stored cross-site scripting vulnerability in the HTML edit mode of MT Block Editor. It is exploitable when TinyMCE6 is used...
  • CVE-2025-22888 – Movable Type contains a stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor. If exploited, an arbitrary scri...
  • CVE-2025-1065 – The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Import D...
  • CVE-2024-13799 – The User Private Files – File Upload & Download Manager with Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...
  • CVE-2024-12173 – The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as...
  • CVE-2025-1441 – The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7...
  • CVE-2025-22622 – Age Verification for your checkout page. Verify your customer's identity 1.20.0 was found to be vulnerable. The web application dynamically generat...
  • CVE-2024-13443 – The Easypromos Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Easypromos shortcode in all versions up to...
  • CVE-2024-11582 – The Subscribe2 – Form, Email Subscribers & Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ip parameter in al...