Total
1195 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-32639 | 1 Nsa | 1 Emissary | 2024-02-28 | 6.5 MEDIUM | 9.9 CRITICAL |
Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the `RegisterPeerAction` endpoint and the `AddChildDirectoryAction` endpoint are vulnerable to SSRF. This vulnerability may lead to credential leaks. Emissary version 7.0 contains a patch. As a workaround, disable network access to Emissary from untrusted sources. | |||||
CVE-2021-25640 | 1 Apache | 1 Dubbo | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability. | |||||
CVE-2021-20480 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502. | |||||
CVE-2021-22175 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled | |||||
CVE-2021-36043 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-02-28 | 6.0 MEDIUM | 6.6 MEDIUM |
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin privileges could abuse this to achieve remote code execution should Redis be enabled. | |||||
CVE-2021-28627 | 1 Adobe | 1 Experience Manager | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Server-side Request Forgery. An authenticated attacker could leverage this vulnerability to contact systems blocked by the dispatcher. Exploitation of this issue does not require user interaction. | |||||
CVE-2021-20343 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194593. | |||||
CVE-2020-24140 | 1 Wcms | 1 Wcms | 2024-02-28 | 7.5 HIGH | 8.3 HIGH |
Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services. | |||||
CVE-2020-21788 | 1 Crmeb | 1 Crmeb | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php. | |||||
CVE-2021-32698 | 1 Elabftw | 1 Elabftw | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0. | |||||
CVE-2020-14327 | 1 Redhat | 1 Ansible Tower | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of additional internal services by abusing the test feature of lookup credentials to forge HTTP/HTTPS requests from the server and retrieving the results of the response. | |||||
CVE-2021-35209 | 1 Zimbra | 1 Collaboration | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against the whitelist of hosts Zimbra is allowed to proxy to (the zimbraProxyAllowedDomains setting). | |||||
CVE-2021-24371 | 1 Carrcommunications | 1 Rsvpmaker | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack. | |||||
CVE-2021-30108 | 1 Feehi | 1 Feehi Cms | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any url, the server can make a request to it. | |||||
CVE-2021-32682 | 1 Std42 | 1 Elfinder | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication. | |||||
CVE-2021-33571 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) . | |||||
CVE-2021-34811 | 1 Synology | 1 Download Station | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors. | |||||
CVE-2021-24472 | 1 Qantumthemes | 2 Kentharadio, Onair2 | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on the website. | |||||
CVE-2021-33184 | 1 Synology | 1 Download Station | 2024-02-28 | 4.0 MEDIUM | 7.7 HIGH |
Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
CVE-2021-22214 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.3 MEDIUM | 8.6 HIGH |
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited |