Unrated severityNVD Advisory· Published May 9, 2019· Updated Aug 4, 2024

CVE-2019-7652

Description

TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter. The result can be seen in the main dashboard. Thus, it is possible to do port scans on localhost and intranet hosts.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

TheHive Project/UnshortenLink analyzerdescription
Thehive Project/UnshortenLinkllm-create
Range: <1.1
Thehive Project/Cortex-Analyzersllm-create
Range: <1.15.2

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

packetstormsecurity.com/files/152804/TheHive-Project-Cortex-2.1.3-Server-Side-Request-Forgery.htmlmitrex_refsource_MISC
blog.thehive-project.org/2019/02/11/unshortenlink-ssrf-and-cortex-analyzers-1-15-2/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.030
kev	0.000
patch	-0.070
ransomware	0.000