CVE-2023-46746

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 1, 2023

Updated: Dec 11, 2023

CWE ID 918

Summary

CVE-2023-46746 is a server-side request forgery (SSRF) vulnerability affecting PostHog, an open-source product analytics tool. Authenticated users can exploit this issue by forging malicious POST requests, which can lead to unauthorized data access or modification. PostHog failed to verify the validity of URLs when enabling webhooks, making it possible for attackers to manipulate requests. This vulnerability has been patched with the commit `22bd5942`, and there are currently no known workarounds for users until they update to the latest release.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

posthog-js

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tIwZaF
https://www.cve.org/CVERecord?id=CVE-2023-46746
https://nvd.nist.gov/vuln/detail/CVE-2023-46746

Back to Vulnerability Database

CVE-2023-46746

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations