Search
Total
254 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34011 | 1 Zhyd | 1 Oneblog | 2022-06-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls. | |||||
| CVE-2021-36761 | 1 Qlik | 1 Qlik Sense | 2022-06-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF. | |||||
| CVE-2022-23071 | 1 Tandoor | 1 Recipes | 2022-06-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read the internal file system to access sensitive information. | |||||
| CVE-2022-29612 | 1 Sap | 2 Host Agent, Netweaver Abap | 2022-06-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application. | |||||
| CVE-2022-24969 | 1 Apache | 1 Dubbo | 2022-06-15 | 5.8 MEDIUM | 6.1 MEDIUM |
| bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability. | |||||
| CVE-2018-1000067 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2022-06-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response. | |||||
| CVE-2022-1285 | 1 Gogs | 1 Gogs | 2022-06-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8. | |||||
| CVE-2022-29188 | 1 Stripe | 1 Smokescreen | 2022-06-07 | 6.4 MEDIUM | 6.5 MEDIUM |
| Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional (e.g., external) URLs by way of a deny list. There was an issue in Smokescreen that made it possible to bypass the deny list feature by surrounding the hostname with square brackets (e.g. `[example.com]`). This only impacted the HTTP proxy functionality of Smokescreen. HTTPS requests were not impacted. Smokescreen version 0.0.4 contains a patch for this issue. | |||||
| CVE-2022-23668 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-05-25 | 4.0 MEDIUM | 4.9 MEDIUM |
| A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manage that address this security vulnerability. | |||||
| CVE-2022-1398 | 1 External Media Without Import Project | 1 External Media Without Import | 2022-05-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks | |||||
| CVE-2022-29848 | 1 Ipswitch | 1 Whatsup Gold | 2022-05-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system. | |||||
| CVE-2020-29445 | 1 Atlassian | 1 Confluence Server | 2022-05-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters. | |||||
| CVE-2022-29942 | 1 Talend | 1 Administration Center | 2022-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. | |||||
| CVE-2022-28117 | 1 Naviwebs | 1 Navigate Cms | 2022-05-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter. | |||||
| CVE-2022-28090 | 1 Ujcms | 1 Jspxcms | 2022-05-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=. | |||||
| CVE-2022-24871 | 1 Shopware | 1 Shopware | 2022-04-28 | 5.5 MEDIUM | 5.5 MEDIUM |
| Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue. | |||||
| CVE-2022-24825 | 1 Stripe | 1 Smokescreen | 2022-04-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional (e.g., external) URLs by way of a deny list. There was an issue in Smokescreen that made it possible to bypass the deny list feature by appending a dot to the end of user-supplied URLs, or by providing input in a different letter case. Recommended to upgrade Smokescreen to version 0.0.3 or later. | |||||
| CVE-2022-0508 | 1 Framasoft | 1 Peertube | 2022-02-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832 | |||||
| CVE-2021-26699 | 1 Open-xchange | 1 Open-xchange Appsuite | 2022-02-10 | 5.8 MEDIUM | 5.4 MEDIUM |
| OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. | |||||
| CVE-2021-36349 | 1 Dell | 1 Emc Data Protection Central | 2022-01-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts. | |||||
| CVE-2021-41809 | 1 M-files | 1 M-files Server | 2022-01-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities. | |||||
| CVE-2021-39927 | 1 Gitlab | 1 Gitlab | 2022-01-25 | 3.5 LOW | 4.3 MEDIUM |
| Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.x, between 14.5.0 and 14.5.x, and between 14.6.0 and 14.6.x would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443 | |||||
| CVE-2022-22702 | 1 Partkeepr | 1 Partkeepr | 2022-01-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration. | |||||
| CVE-2020-28977 | 1 Canto | 1 Canto | 2022-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF. | |||||
| CVE-2020-28976 | 1 Canto | 1 Canto | 2022-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF. | |||||
| CVE-2020-28978 | 1 Canto | 1 Canto | 2022-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF. | |||||
| CVE-2021-34425 | 5 Apple, Google, Linux and 2 more | 6 Iphone Os, Macos, Android and 3 more | 2022-01-03 | 4.0 MEDIUM | 6.1 MEDIUM |
| The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat\'s "link preview" feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly. | |||||
| CVE-2019-15021 | 1 Zingbox | 1 Inspector | 2022-01-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network. | |||||
| CVE-2019-20474 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2022-01-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network and port scan operations of the localhost or the hosts on the same network segment, aka SSRF. | |||||
| CVE-2019-18846 | 1 Open-xchange | 1 Open-xchange Appsuite | 2022-01-01 | 4.0 MEDIUM | 5.0 MEDIUM |
| OX App Suite through 7.10.2 allows SSRF. | |||||
| CVE-2020-8118 | 3 Nextcloud, Novell, Opensuse | 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle | 2021-12-22 | 4.0 MEDIUM | 5.0 MEDIUM |
| An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. | |||||
| CVE-2021-37940 | 1 Elastic | 1 Enterprise Search | 2021-12-09 | 4.0 MEDIUM | 6.8 MEDIUM |
| An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible. | |||||
| CVE-2021-29863 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2021-12-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087. | |||||
| CVE-2021-36327 | 1 Dell | 1 Emc Streaming Data Platform | 2021-12-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice. | |||||
| CVE-2020-28463 | 2 Fedoraproject, Reportlab | 2 Fedora, Reportlab | 2021-11-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF | |||||
| CVE-2021-22969 | 1 Concretecms | 1 Concrete Cms | 2021-11-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS.Discoverer: Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N . Please note that Cloud IAAS provider mis-configurations are not Concrete CMS vulnerabilities. A mitigation for this vulnerability is to make sure that the IMDS configurations are according to a cloud provider's best practices.This fix is also in Concrete version 9.0.0 | |||||
| CVE-2021-43293 | 1 Sonatype | 1 Nexus Repository Manager | 2021-11-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). | |||||
| CVE-2021-29738 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2021-11-03 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201302. | |||||
| CVE-2021-35512 | 1 Zohocorp | 1 Manageengine Applications Manager | 2021-10-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. | |||||
| CVE-2021-41792 | 1 Alfresco | 2 Alfresco Content Services, Alfresco Transform Services | 2021-10-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF. | |||||
| CVE-2020-10770 | 1 Redhat | 1 Keycloak | 2021-10-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack. | |||||
| CVE-2021-25972 | 1 Tuzitio | 1 Camaleon Cms | 2021-10-25 | 4.0 MEDIUM | 4.9 MEDIUM |
| In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server. | |||||
| CVE-2021-39894 | 1 Gitlab | 1 Gitlab | 2021-10-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks. | |||||
| CVE-2021-37223 | 1 Nagios | 1 Nagios Xi | 2021-10-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files. | |||||
| CVE-2021-41385 | 1 Securonix | 1 Snypr | 2021-10-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| The third party intelligence connector in Securonix SNYPR 6.3.1 Build 184295_0302 allows an authenticated user to obtain access to server configuration details via SSRF. | |||||
| CVE-2020-24141 | 1 Wp-downloadmanager Project | 1 Wp-downloadmanager | 2021-10-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports, local network hosts and execute command on services | |||||
| CVE-2021-39339 | 1 Telefication | 1 Telefication | 2021-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due to a user-supplied URL request value that gets called by a curl requests. This affects versions up to, and including, 1.8.0. | |||||
| CVE-2021-40109 | 1 Concretecms | 1 Concrete Cms | 2021-09-30 | 5.5 MEDIUM | 6.4 MEDIUM |
| A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The redirect is followed and loads the contents of the file from the redirected-to server. Files of disallowed types can be uploaded. | |||||
| CVE-2020-24327 | 1 Discourse | 1 Discourse | 2021-09-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites. | |||||
| CVE-2020-21122 | 1 Ureport Project | 1 Ureport | 2021-09-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports. | |||||