CVE-2023-48910

Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
Configurations

Configuration 1 (hide)

cpe:2.3:a:microcks:microcks:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:32

Type Values Removed Values Added
References () https://gist.github.com/b33t1e/2a2dc17cf36cd741b2c99425c892d826 - Exploit, Third Party Advisory () https://gist.github.com/b33t1e/2a2dc17cf36cd741b2c99425c892d826 - Exploit, Third Party Advisory
References () https://github.com/microcks/microcks - Product () https://github.com/microcks/microcks - Product
References () https://github.com/orgs/microcks/discussions/892 - Exploit, Issue Tracking, Third Party Advisory () https://github.com/orgs/microcks/discussions/892 - Exploit, Issue Tracking, Third Party Advisory

07 Dec 2023, 21:02

Type Values Removed Values Added
CWE CWE-918
First Time Microcks
Microcks microcks
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:microcks:microcks:*:*:*:*:*:*:*:*
References () https://github.com/microcks/microcks - () https://github.com/microcks/microcks - Product
References () https://github.com/orgs/microcks/discussions/892 - () https://github.com/orgs/microcks/discussions/892 - Exploit, Issue Tracking, Third Party Advisory
References () https://gist.github.com/b33t1e/2a2dc17cf36cd741b2c99425c892d826 - () https://gist.github.com/b33t1e/2a2dc17cf36cd741b2c99425c892d826 - Exploit, Third Party Advisory

04 Dec 2023, 17:16

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-04 17:15

Updated : 2024-11-21 08:32


NVD link : CVE-2023-48910

Mitre link : CVE-2023-48910

CVE.ORG link : CVE-2023-48910


JSON object : View

Products Affected

microcks

  • microcks
CWE
CWE-918

Server-Side Request Forgery (SSRF)