Total
774 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-24622 | 1 Includesecurity | 1 Safeurl-python | 2023-02-07 | N/A | 5.3 MEDIUM |
isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. | |||||
CVE-2023-24623 | 1 Paranoidhttp Project | 1 Paranoidhttp | 2023-02-07 | N/A | 7.5 HIGH |
Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses. | |||||
CVE-2023-24495 | 1 Tenable | 1 Tenable.sc | 2023-02-06 | N/A | 6.5 MEDIUM |
A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly. | |||||
CVE-2022-4335 | 1 Gitlab | 1 Gitlab | 2023-02-06 | N/A | 4.3 MEDIUM |
A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host. | |||||
CVE-2022-4201 | 1 Gitlab | 1 Gitlab | 2023-02-06 | N/A | 5.3 MEDIUM |
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner. | |||||
CVE-2019-17669 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-02-03 | 7.5 HIGH | 9.8 CRITICAL |
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. | |||||
CVE-2022-26499 | 2 Debian, Digium | 2 Debian Linux, Asterisk | 2023-02-02 | 6.4 MEDIUM | 9.1 CRITICAL |
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2. | |||||
CVE-2022-45152 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2023-02-01 | N/A | 9.1 CRITICAL |
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. | |||||
CVE-2022-46998 | 1 Taogogo | 1 Taocms | 2023-02-01 | N/A | 9.8 CRITICAL |
An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF). | |||||
CVE-2020-16248 | 1 Prometheus | 1 Blackbox Exporter | 2023-01-31 | 5.0 MEDIUM | 5.8 MEDIUM |
** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability. | |||||
CVE-2021-43449 | 1 Onlyoffice | 1 Server | 2023-01-31 | N/A | 8.1 HIGH |
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF). The document editor service can be abused to read and serve arbitrary URLs as a document. | |||||
CVE-2019-4203 | 1 Ibm | 1 Api Connect | 2023-01-30 | 9.0 HIGH | 9.8 CRITICAL |
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124. | |||||
CVE-2022-28217 | 1 Sap | 1 Netweaver | 2023-01-30 | 4.0 MEDIUM | 6.5 MEDIUM |
Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system?s Availability by causing system to crash. | |||||
CVE-2021-37498 | 1 Reprisesoftware | 1 Reprise License Manager | 2023-01-27 | N/A | 6.5 MEDIUM |
An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function. | |||||
CVE-2023-20002 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2023-01-26 | N/A | 4.4 MEDIUM |
A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system. | |||||
CVE-2022-45926 | 1 Opentext | 1 Opentext Extended Ecm | 2023-01-26 | N/A | 8.8 HIGH |
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports. | |||||
CVE-2022-25026 | 1 Rocketsoftware | 1 Trufusion Enterprise | 2023-01-23 | N/A | 7.5 HIGH |
A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy. | |||||
CVE-2022-3841 | 1 Redhat | 1 Advanced Cluster Management For Kubernetes | 2023-01-20 | N/A | 7.8 HIGH |
RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauthenticated users making requests. | |||||
CVE-2022-35949 | 1 Nodejs | 1 Undici | 2023-01-18 | N/A | 9.8 CRITICAL |
undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1` ```js const undici = require("undici") undici.request({origin: "http://example.com", pathname: "//127.0.0.1"}) ``` Instead of processing the request as `http://example.org//127.0.0.1` (or `http://example.org/http://127.0.0.1` when `http://127.0.0.1 is used`), it actually processes the request as `http://127.0.0.1/` and sends it to `http://127.0.0.1`. If a developer passes in user input into `path` parameter of `undici.request`, it can result in an _SSRF_ as they will assume that the hostname cannot change, when in actual fact it can change because the specified path parameter is combined with the base URL. This issue was fixed in `undici@5.8.1`. The best workaround is to validate user input before passing it to the `undici.request` call. | |||||
CVE-2020-26948 | 1 Emby | 1 Emby | 2023-01-10 | 7.5 HIGH | 9.8 CRITICAL |
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter. |