Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-918
Total 774 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-44659 1 Thoughtworks 1 Gocd 2022-05-13 7.5 HIGH 9.8 CRITICAL
** DISPUTED ** Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design allows an admin to configure outbound requests.
CVE-2022-1592 1 Clinical-genomics 1 Scout 2022-05-12 6.4 MEDIUM 8.2 HIGH
Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...
CVE-2022-28117 1 Naviwebs 1 Navigate Cms 2022-05-12 4.0 MEDIUM 4.9 MEDIUM
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.
CVE-2021-22696 2 Apache, Oracle 6 Cxf, Business Intelligence, Communications Diameter Intelligence Hub and 3 more 2022-05-12 5.0 MEDIUM 7.5 HIGH
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the "request_uri" parameter. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10.
CVE-2022-28090 1 Ujcms 1 Jspxcms 2022-05-12 6.4 MEDIUM 6.5 MEDIUM
Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=.
CVE-2022-25850 1 Proxyscotch Project 1 Proxyscotch 2022-05-11 5.0 MEDIUM 7.5 HIGH
The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server.
CVE-2022-29556 1 Northern.tech 1 Mender 2022-05-10 7.5 HIGH 9.8 CRITICAL
The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints.
CVE-2021-40822 1 Osgeo 1 Geoserver 2022-05-09 5.0 MEDIUM 7.5 HIGH
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
CVE-2022-1239 1 Hubspot 1 Hubspot 2022-05-09 6.5 MEDIUM 8.8 HIGH
The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks
CVE-2022-27469 1 Monstaftp 1 Monsta Ftp 2022-05-05 7.5 HIGH 9.8 CRITICAL
Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF).
CVE-2022-27311 1 Gibbon Project 1 Gibbon 2022-05-05 7.5 HIGH 9.8 CRITICAL
Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL.
CVE-2022-27429 1 Jizhicms 1 Jizhicms 2022-05-05 7.5 HIGH 9.8 CRITICAL
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
CVE-2021-36203 1 Johnsoncontrols 1 Metasys System Configuration Tool 2022-05-03 6.4 MEDIUM 9.1 CRITICAL
The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request.
CVE-2022-24862 1 Databasir Project 1 Databasir 2022-05-03 4.0 MEDIUM 7.7 HIGH
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address will return a response page with complete error information when accessing a non-existent URL. Attackers can take advantage of this feature for SSRF.
CVE-2022-24871 1 Shopware 1 Shopware 2022-04-28 5.5 MEDIUM 5.5 MEDIUM
Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue.
CVE-2022-24825 1 Stripe 1 Smokescreen 2022-04-27 5.0 MEDIUM 5.3 MEDIUM
Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional (e.g., external) URLs by way of a deny list. There was an issue in Smokescreen that made it possible to bypass the deny list feature by appending a dot to the end of user-supplied URLs, or by providing input in a different letter case. Recommended to upgrade Smokescreen to version 0.0.3 or later.
CVE-2021-43296 1 Zohocorp 1 Manageengine Supportcenter Plus 2022-04-27 5.0 MEDIUM 7.5 HIGH
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
CVE-2022-1037 1 Villatheme 1 Exmage 2022-04-26 6.5 MEDIUM 7.2 HIGH
The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs
CVE-2020-35205 1 Quest 1 Policy Authority For Unified Communications 2022-04-25 7.5 HIGH 9.8 CRITICAL
** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2022-27426 1 Chamilo 1 Chamilo Lms 2022-04-25 6.5 MEDIUM 8.8 HIGH
A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.