Search
Total
256 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1784 | 1 Diagrams | 1 Drawio | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8. | |||||
| CVE-2022-28997 | 1 Cszcms | 1 Cszcms | 2022-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/. | |||||
| CVE-2022-29153 | 1 Hashicorp | 1 Consul | 2022-06-02 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF. | |||||
| CVE-2022-29309 | 1 Mysiteforme Project | 1 Mysiteforme | 2022-06-02 | 5.0 MEDIUM | 7.5 HIGH |
| mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. | |||||
| CVE-2022-24856 | 1 Flyte | 1 Flyte Console | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur. The patch for this issue deletes the entire `cors_proxy`, as this is not required for console anymore. A patch is available in FlyteConsole version 0.52.0. Disable FlyteConsole availability on the internet as a workaround. | |||||
| CVE-2022-1767 | 1 Diagrams | 1 Draw.io | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. | |||||
| CVE-2022-1713 | 1 Diagrams | 1 Draw.io | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH |
| SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. | |||||
| CVE-2020-3938 | 1 Sysjust | 1 Syuan-gu-da-shin | 2022-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged inquests. | |||||
| CVE-2022-30049 | 1 Getrebuild | 1 Rebuild | 2022-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter. | |||||
| CVE-2020-22983 | 1 Microstrategy | 1 Microstrategy Web | 2022-05-24 | 5.8 MEDIUM | 8.1 HIGH |
| A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task. | |||||
| CVE-2022-29847 | 1 Ipswitch | 1 Whatsup Gold | 2022-05-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host. | |||||
| CVE-2022-1592 | 1 Clinical-genomics | 1 Scout | 2022-05-12 | 6.4 MEDIUM | 8.2 HIGH |
| Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss... | |||||
| CVE-2021-22696 | 2 Apache, Oracle | 6 Cxf, Business Intelligence, Communications Diameter Intelligence Hub and 3 more | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the "request_uri" parameter. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10. | |||||
| CVE-2022-25850 | 1 Proxyscotch Project | 1 Proxyscotch | 2022-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server. | |||||
| CVE-2021-40822 | 1 Osgeo | 1 Geoserver | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH |
| GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. | |||||
| CVE-2022-1239 | 1 Hubspot | 1 Hubspot | 2022-05-09 | 6.5 MEDIUM | 8.8 HIGH |
| The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks | |||||
| CVE-2022-24862 | 1 Databasir Project | 1 Databasir | 2022-05-03 | 4.0 MEDIUM | 7.7 HIGH |
| Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address will return a response page with complete error information when accessing a non-existent URL. Attackers can take advantage of this feature for SSRF. | |||||
| CVE-2021-43296 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. | |||||
| CVE-2022-1037 | 1 Villatheme | 1 Exmage | 2022-04-27 | 6.5 MEDIUM | 7.2 HIGH |
| The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs | |||||
| CVE-2022-27426 | 1 Chamilo | 1 Chamilo Lms | 2022-04-25 | 6.5 MEDIUM | 8.8 HIGH |
| A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file. | |||||
| CVE-2022-23644 | 1 Joinbookwyrm | 1 Bookwyrm | 2022-02-25 | 6.5 MEDIUM | 8.8 HIGH |
| BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The problem has been patched and administrators should upgrade to version 0.3.0 As a workaround, BookWyrm instances can close registration and limit members to trusted individuals. | |||||
| CVE-2021-21349 | 4 Debian, Fedoraproject, Oracle and 1 more | 14 Debian Linux, Fedora, Banking Enterprise Default Management and 11 more | 2022-02-16 | 5.0 MEDIUM | 8.6 HIGH |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2022-22993 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2022-02-15 | 5.0 MEDIUM | 7.5 HIGH |
| A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters. | |||||
| CVE-2021-45325 | 1 Gitea | 1 Gitea | 2022-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL. | |||||
| CVE-2022-23206 | 1 Apache | 1 Traffic Control | 2022-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach. | |||||
| CVE-2022-24129 | 1 Shibboleth | 1 Oidc Op | 2022-02-09 | 6.4 MEDIUM | 8.2 HIGH |
| The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services. | |||||
| CVE-2021-22821 | 1 Schneider-electric | 12 Evlink City Evc1s22p4, Evlink City Evc1s22p4 Firmware, Evlink City Evc1s7p4 and 9 more | 2022-02-03 | 5.0 MEDIUM | 8.6 HIGH |
| A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) | |||||
| CVE-2021-33705 | 1 Sap | 1 Netweaver Portal | 2022-02-02 | 5.8 MEDIUM | 8.1 HIGH |
| The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request (e.g. POST, GET) to any internal or external server. This can result in the accessing or modification of data accessible from the Portal but will not affect its availability. | |||||
| CVE-2021-22026 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2022-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. | |||||
| CVE-2021-22027 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2022-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. | |||||
| CVE-2021-21975 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2022-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. | |||||
| CVE-2022-21697 | 1 Jupyter | 1 Jupyter Server Proxy | 2022-02-01 | 5.5 MEDIUM | 7.1 HIGH |
| Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is affected. A lack of input validation allows authenticated clients to proxy requests to other hosts, bypassing the `allowed_hosts` check. Because authentication is required, which already grants permissions to make the same requests via kernel or terminal execution, this is considered low to moderate severity. Users may upgrade to version 3.2.1 to receive a patch or, as a workaround, install the patch manually. | |||||
| CVE-2021-23664 | 1 Isomorphic-git | 1 Cors-proxy | 2022-01-28 | 5.0 MEDIUM | 7.5 HIGH |
| The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js. | |||||
| CVE-2022-0132 | 1 Framasoft | 1 Peertube | 2022-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| peertube is vulnerable to Server-Side Request Forgery (SSRF) | |||||
| CVE-2021-27738 | 1 Apache | 1 Kylin | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator. For endpoints accepting node details in HTTP message body, unauthenticated (but limited) server-side request forgery (SSRF) can be achieved. This issue affects Apache Kylin Apache Kylin 3 versions prior to 3.1.2. | |||||
| CVE-2020-11988 | 2 Apache, Fedoraproject | 2 Xmlgraphics Commons, Fedora | 2022-01-04 | 6.4 MEDIUM | 8.2 HIGH |
| Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later. | |||||
| CVE-2021-22056 | 2 Linux, Vmware | 4 Linux Kernel, Identity Manager, Vrealize Automation and 1 more | 2022-01-03 | 5.0 MEDIUM | 7.5 HIGH |
| VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response. | |||||
| CVE-2021-22054 | 1 Vmware | 1 Workspace One Uem Console | 2021-12-22 | 5.0 MEDIUM | 7.5 HIGH |
| VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. | |||||
| CVE-2021-3959 | 1 Bitdefender | 1 Gravityzone | 2021-12-22 | 5.0 MEDIUM | 7.5 HIGH |
| A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272 | |||||
| CVE-2021-39057 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2021-12-15 | 5.5 MEDIUM | 8.1 HIGH |
| IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616. | |||||
| CVE-2021-23718 | 1 Ssrf-agent Project | 1 Ssrf-agent | 2021-12-15 | 5.0 MEDIUM | 7.5 HIGH |
| The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private. | |||||
| CVE-2021-39935 | 1 Gitlab | 1 Gitlab | 2021-12-15 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API | |||||
| CVE-2021-4075 | 1 Snipeitapp | 1 Snipe-it | 2021-12-07 | 6.5 MEDIUM | 7.2 HIGH |
| snipe-it is vulnerable to Server-Side Request Forgery (SSRF) | |||||
| CVE-2021-40809 | 1 Jamf | 1 Jamf | 2021-12-02 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows. | |||||
| CVE-2021-3552 | 1 Bitdefender | 2 Endpoint Security Tools, Gravityzone | 2021-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1. | |||||
| CVE-2021-3553 | 1 Bitdefender | 2 Endpoint Security Tools, Gravityzone | 2021-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. | |||||
| CVE-2020-26258 | 3 Debian, Fedoraproject, Xstream Project | 3 Debian Linux, Fedora, Xstream | 2021-11-30 | 5.0 MEDIUM | 7.7 HIGH |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories. | |||||
| CVE-2021-43780 | 1 Redash | 1 Redash | 2021-11-30 | 6.0 MEDIUM | 8.8 HIGH |
| Redash is a package for data visualization and sharing. In versions 10.0 and priorm the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a URL-loading data source is enabled. As of time of publication, the `master` and `release/10.x.x` branches address this by applying the Advocate library for making http requests instead of the requests library directly. Users should upgrade to version 10.0.1 to receive this patch. There are a few workarounds for mitigating the vulnerability without upgrading. One can disable the vulnerable data sources entirely, by adding the following env variable to one's configuration, making them unavailable inside the webapp. One can switch any data source of certain types (viewable in the GitHub Security Advisory) to be `View Only` for all groups on the Settings > Groups > Data Sources screen. For users unable to update an admin may modify Redash's configuration through environment variables to mitigate this issue. Depending on the version of Redash, an admin may also need to run a CLI command to re-encrypt some fields in the database. The `master` and `release/10.x.x` branches as of time of publication have removed the default value for `REDASH_COOKIE_SECRET`. All future releases will also require this to be set explicitly. For existing installations, one will need to ensure that explicit values are set for the `REDASH_COOKIE_SECRET` and `REDASH_SECRET_KEY `variables. | |||||
| CVE-2021-22970 | 1 Concretecms | 1 Concrete Cms | 2021-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network appsandb. SSRF Mitigation Bypass through DNS RebindingConcrete CMS security team gave this a CVSS score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:NConcrete CMS is maintaining Concrete version 8.5.x until 1 May 2022 for security fixes.This CVE is shared with HackerOne Reports https://hackerone.com/reports/1364797 and https://hackerone.com/reports/1360016Reporters: Adrian Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) and Bipul Jaiswal | |||||
| CVE-2021-43562 | 1 Pixxio | 1 Pixx.io | 2021-11-16 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location and save it to a user-controlled filename, which may result in Remote Code Execution. A TYPO3 backend user account is required to exploit this. | |||||