Total: 774 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-44659 | 1 Thoughtworks | 1 Gocd | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL | ** DISPUTED ** Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an unintended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design allows an admin to configure outbound requests.
CVE-2022-1592 | 1 Clinical-genomics | 1 Scout | 2022-05-12 | 6.4 MEDIUM | 8.2 HIGH | Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests, which could be used for phishing, cookie theft, requests to private areas, or XSS.
CVE-2022-28117 | 1 Naviwebs | 1 Navigate Cms | 2022-05-12 | 4.0 MEDIUM | 4.9 MEDIUM | A Server-Side Request Forgery (SSRF) in the feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.
CVE-2021-22696 | 2 Apache, Oracle | 6 Cxf, Business Intelligence, Communications Diameter Intelligence Hub and 3 more | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH | CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from which to retrieve a JWT token via the "request_uri" parameter. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https") and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDoS attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10.
CVE-2022-28090 | 1 Ujcms | 1 Jspxcms | 2022-05-12 | 6.4 MEDIUM | 6.5 MEDIUM | Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=.
CVE-2022-25850 | 1 Proxyscotch Project | 1 Proxyscotch | 2022-05-11 | 5.0 MEDIUM | 7.5 HIGH | The package github.com/hoppscotch/proxyscotch before 1.0.0 is vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server.
CVE-2022-29556 | 1 Northern.tech | 1 Mender | 2022-05-10 | 7.5 HIGH | 9.8 CRITICAL | The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints.
CVE-2021-40822 | 1 Osgeo | 1 Geoserver | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH | GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
CVE-2022-1239 | 1 Hubspot | 1 Hubspot | 2022-05-09 | 6.5 MEDIUM | 8.8 HIGH | The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks.
CVE-2022-27469 | 1 Monstaftp | 1 Monsta Ftp | 2022-05-05 | 7.5 HIGH | 9.8 CRITICAL | Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF).
CVE-2022-27311 | 1 Gibbon Project | 1 Gibbon | 2022-05-05 | 7.5 HIGH | 9.8 CRITICAL | Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL.
CVE-2022-27429 | 1 Jizhicms | 1 Jizhicms | 2022-05-05 | 7.5 HIGH | 9.8 CRITICAL | Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
CVE-2021-36203 | 1 Johnsoncontrols | 1 Metasys System Configuration Tool | 2022-05-03 | 6.4 MEDIUM | 9.1 CRITICAL | The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request.
CVE-2022-24862 | 1 Databasir Project | 1 Databasir | 2022-05-03 | 4.0 MEDIUM | 7.7 HIGH | Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has a Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver, the corresponding JDBC driver download address is fetched first, but this address returns a response page with complete error information when a non-existent URL is accessed. Attackers can take advantage of this behavior for SSRF.
CVE-2022-24871 | 1 Shopware | 1 Shopware | 2022-04-28 | 5.5 MEDIUM | 5.5 MEDIUM | Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue.
CVE-2022-24825 | 1 Stripe | 1 Smokescreen | 2022-04-27 | 5.0 MEDIUM | 5.3 MEDIUM | Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional (e.g., external) URLs by way of a deny list. There was an issue in Smokescreen that made it possible to bypass the deny list feature by appending a dot to the end of user-supplied URLs, or by providing input in a different letter case. It is recommended to upgrade Smokescreen to version 0.0.3 or later.
CVE-2021-43296 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH | Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
CVE-2022-1037 | 1 Villatheme | 1 Exmage | 2022-04-26 | 6.5 MEDIUM | 7.2 HIGH | The EXMAGE WordPress plugin before 1.0.7 does not ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs.
CVE-2020-35205 | 1 Quest | 1 Policy Authority For Unified Communications | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL | ** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2022-27426 | 1 Chamilo | 1 Chamilo Lms | 2022-04-25 | 6.5 MEDIUM | 8.8 HIGH | A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.