Total
1111 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24568 | 1 Xxyopen | 1 Novel-plus | 2023-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input. | |||||
| CVE-2023-39967 | 1 Wiremock | 1 Studio | 2023-09-13 | N/A | 10.0 CRITICAL |
| WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via “TestRequester” functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected Wiremock studio product and there will be no fix. Users are advised to find alternatives. | |||||
| CVE-2023-41327 | 1 Wiremock | 2 Studio, Wiremock | 2023-09-12 | N/A | 5.4 MEDIUM |
| WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefore recording) to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhooks Extension 3.0.0-beta-15, the filtering of target addresses from the proxy mode DID NOT work for Webhooks, so the users were potentially vulnerable regardless of the `limitProxyTargets` settings. Via the WireMock webhooks configuration, POST requests from a webhook might be forwarded to an arbitrary service reachable from WireMock’s instance. For example, If someone is running the WireMock docker Container inside a private cluster, they can trigger internal POST requests against unsecured APIs or even against secure ones by passing a token, discovered using another exploit, via authentication headers. This issue has been addressed in versions 2.35.1 and 3.0.3 of wiremock. Wiremock studio has been discontinued and will not see a fix. Users unable to upgrade should use external firewall rules to define the list of permitted destinations. | |||||
| CVE-2023-41937 | 1 Jenkins | 1 Bitbucket Push And Pull Request | 2023-09-11 | N/A | 7.5 HIGH |
| Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload. | |||||
| CVE-2023-36388 | 1 Apache | 1 Superset | 2023-09-11 | N/A | 5.4 MEDIUM |
| Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF. | |||||
| CVE-2023-41055 | 1 Ahwx | 1 Librey | 2023-09-08 | N/A | 7.5 HIGH |
| LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `engines/google/text.php` and `engines/duckduckgo/text.php` files in versions before commit be59098abd119cda70b15bf3faac596dfd39a744. This vulnerability allows remote attackers to request the server to send HTTP GET requests to arbitrary targets and conduct Denial-of-Service (DoS) attacks via the `wikipedia_language` cookie. Remote attackers can request the server to download large files to reduce the performance of the server or even deny access from legitimate users. This issue has been patched in https://github.com/Ahwxorg/LibreY/pull/9. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-41054 | 1 Ahwx | 1 Librey | 2023-09-08 | N/A | 9.1 CRITICAL |
| LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `image_proxy.php` file of LibreY before commit 8f9b9803f231e2954e5b49987a532d28fe50a627. This vulnerability allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks via the `url` parameter. Remote attackers can use the server as a proxy to send HTTP GET requests and retrieve information in the internal network. Remote attackers can also request the server to download large files or chain requests among multiple instances to reduce the performance of the server or even deny access from legitimate users. This issue has been addressed in https://github.com/Ahwxorg/LibreY/pull/31. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-36088 | 1 Vesoft | 1 Nebulagraph Studio | 2023-09-07 | N/A | 7.5 HIGH |
| Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information. | |||||
| CVE-2023-40969 | 1 Slims | 1 Senayan Library Management System | 2023-09-07 | N/A | 6.1 MEDIUM |
| Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php. | |||||
| CVE-2022-45085 | 1 Gruparge | 1 Smartpower Web | 2023-09-03 | N/A | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery.This issue affects Smartpower Web: before 23.01.01. | |||||
| CVE-2023-4624 | 1 Bookstackapp | 1 Bookstack | 2023-09-01 | N/A | 2.4 LOW |
| Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08. | |||||
| CVE-2023-4651 | 1 Instantcms | 1 Instantcms | 2023-09-01 | N/A | 5.4 MEDIUM |
| Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1. | |||||
| CVE-2023-40017 | 1 Geosolutionsgroup | 1 Geonode | 2023-08-30 | N/A | 7.5 HIGH |
| GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and request information from internal hosts. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9. | |||||
| CVE-2023-37379 | 1 Apache | 1 Airflow | 2023-08-29 | N/A | 8.1 HIGH |
| Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. | |||||
| CVE-2023-37440 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information. | |||||
| CVE-2023-40033 | 1 Flarum | 1 Flarum | 2023-08-25 | N/A | 7.1 HIGH |
| Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulate the application to execute unintended actions. The vulnerability is due to the behavior of the `intervention/image` package, which attempts to interpret the supplied file contents as a URL, which then fetches its contents. This allows an attacker to exploit the vulnerability to perform SSRF attacks, disclose local file contents, or conduct a blind oracle attack. This has been patched in Flarum version 1.8.0. Users are advised to upgrade. Users unable to upgrade may disable PHP's `allow_url_fopen` which will prevent the fetching of external files via URLs as a temporary workaround for the SSRF aspect of the vulnerability. | |||||
| CVE-2023-27163 | 1 Rbaskets | 1 Request Baskets | 2023-08-11 | N/A | 6.5 MEDIUM |
| request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request. | |||||
| CVE-2022-41401 | 1 Openrefine | 1 Openrefine | 2023-08-08 | N/A | 6.5 MEDIUM |
| OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure. | |||||
| CVE-2022-24449 | 1 Rt-solar | 1 Solar Appscreener | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document. | |||||
| CVE-2022-36997 | 1 Veritas | 4 Flex Appliance, Flex Scale, Netbackup and 1 more | 2023-08-08 | N/A | 8.8 HIGH |
| An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service. | |||||