Total
1195 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41054 | 1 Ahwx | 1 Librey | 2024-02-28 | N/A | 9.1 CRITICAL |
| LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `image_proxy.php` file of LibreY before commit 8f9b9803f231e2954e5b49987a532d28fe50a627. This vulnerability allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks via the `url` parameter. Remote attackers can use the server as a proxy to send HTTP GET requests and retrieve information in the internal network. Remote attackers can also request the server to download large files or chain requests among multiple instances to reduce the performance of the server or even deny access from legitimate users. This issue has been addressed in https://github.com/Ahwxorg/LibreY/pull/31. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-46725 | 1 Foodcoopshop | 1 Foodcoopshop | 2024-02-28 | N/A | 7.5 HIGH |
| FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time of check time of use issue. For example, by using a custom server that returns 200 on HEAD requests, then return a valid image on first GET request and then a 302 redirect to final target on second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability. | |||||
| CVE-2023-35896 | 3 Ibm, Linux, Microsoft | 3 Content Navigator, Linux Kernel, Windows | 2024-02-28 | N/A | 5.4 MEDIUM |
| IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247. | |||||
| CVE-2023-42398 | 1 Zzcms | 1 Zzcms | 2024-02-28 | N/A | 9.8 CRITICAL |
| An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php. | |||||
| CVE-2023-39967 | 1 Wiremock | 1 Studio | 2024-02-28 | N/A | 10.0 CRITICAL |
| WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via “TestRequester” functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected Wiremock studio product and there will be no fix. Users are advised to find alternatives. | |||||
| CVE-2023-36388 | 1 Apache | 1 Superset | 2024-02-28 | N/A | 5.4 MEDIUM |
| Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF. | |||||
| CVE-2023-26366 | 1 Adobe | 2 Commerce, Magento | 2024-02-28 | N/A | 6.8 MEDIUM |
| Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary. | |||||
| CVE-2023-39109 | 1 Rconfig | 1 Rconfig | 2024-02-28 | N/A | 8.8 HIGH |
| rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs. | |||||
| CVE-2023-41055 | 1 Ahwx | 1 Librey | 2024-02-28 | N/A | 7.5 HIGH |
| LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `engines/google/text.php` and `engines/duckduckgo/text.php` files in versions before commit be59098abd119cda70b15bf3faac596dfd39a744. This vulnerability allows remote attackers to request the server to send HTTP GET requests to arbitrary targets and conduct Denial-of-Service (DoS) attacks via the `wikipedia_language` cookie. Remote attackers can request the server to download large files to reduce the performance of the server or even deny access from legitimate users. This issue has been patched in https://github.com/Ahwxorg/LibreY/pull/9. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-44469 | 1 Lemonldap-ng | 1 Lemonldap\ | 2024-02-28 | N/A | 4.3 MEDIUM |
| A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770. | |||||
| CVE-2023-42450 | 1 Joinmastodon | 1 Mastodon | 2024-02-28 | N/A | 7.5 HIGH |
| Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if the server configuration includes `ALLOWED_PRIVATE_ADDRESSES` to allow access to local exploitable services. Version 4.2.0-rc2 has a patch for the issue. | |||||
| CVE-2023-46229 | 1 Langchain | 1 Langchain | 2024-02-28 | N/A | 8.8 HIGH |
| LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. | |||||
| CVE-2023-25753 | 1 Apache | 1 Shenyu | 2024-02-28 | N/A | 6.5 MEDIUM |
| There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing. This issue affects Apache ShenYu: 2.5.1. Upgrade to Apache ShenYu 2.6.0 or apply patch https://github.com/apache/shenyu/pull/4776 . | |||||
| CVE-2023-5572 | 1 Vrite | 1 Vrite | 2024-02-28 | N/A | 9.8 CRITICAL |
| Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0. | |||||
| CVE-2022-41401 | 1 Openrefine | 1 Openrefine | 2024-02-28 | N/A | 6.5 MEDIUM |
| OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure. | |||||
| CVE-2023-3577 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | N/A | 4.3 MEDIUM |
| Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF. | |||||
| CVE-2022-2416 | 1 Octopus | 1 Octopus Server | 2024-02-28 | N/A | 4.3 MEDIUM |
| In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment. | |||||
| CVE-2023-44384 | 1 Discourse | 1 Discourse Jira | 2024-02-28 | N/A | 4.1 MEDIUM |
| Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials, potentially with elevated permissions, used by the application. | |||||
| CVE-2023-4624 | 1 Bookstackapp | 1 Bookstack | 2024-02-28 | N/A | 2.4 LOW |
| Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08. | |||||
| CVE-2023-3744 | 1 Slims | 1 Senayan Library Management System | 2024-02-28 | N/A | 8.8 HIGH |
| Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter. | |||||