Vulnerabilities (CVE)

Filtered by CWE-918
Total 1256 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13286 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 6.4 MEDIUM
For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery.
CVE-2020-13226 1 Wso2 1 Api Manager 2024-11-21 7.5 HIGH 9.8 CRITICAL
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet.
CVE-2020-12725 1 Redash 1 Redash 2024-11-21 6.5 MEDIUM 7.2 HIGH
Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding headers, selecting any HTTP verb, etc.
CVE-2020-12644 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 4.0 MEDIUM 5.0 MEDIUM
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
CVE-2020-12529 1 Mbconnectline 2 Mbconnect24, Mymbconnect24 2024-11-21 5.0 MEDIUM 5.8 MEDIUM
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports.
CVE-2020-11988 2 Apache, Fedoraproject 2 Xmlgraphics Commons, Fedora 2024-11-21 6.4 MEDIUM 8.2 HIGH
Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.
CVE-2020-11987 4 Apache, Debian, Fedoraproject and 1 more 22 Batik, Debian Linux, Fedora and 19 more 2024-11-21 6.4 MEDIUM 8.2 HIGH
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
CVE-2020-11980 1 Apache 1 Karaf 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role can call get*. It's possible to authenticate as a viewer role + invokes on the MLet getMBeansFromURL method, which goes off to a remote server to fetch the desired MBean, which is then registered in Karaf. At this point the attack fails as "viewer" doesn't have the permission to invoke on the MBean. Still, it could act as a SSRF style attack and also it essentially allows a "viewer" role to pollute the MBean registry, which is a kind of privilege escalation. The vulnerability is low as it's possible to add a ACL to limit access. Users should update to Apache Karaf 4.2.9 or newer.
CVE-2020-11885 1 Wso2 1 Enterprise Integrator 2024-11-21 6.5 MEDIUM 7.2 HIGH
WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file.
CVE-2020-11453 1 Microstrategy 1 Microstrategy Web 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed). NOTE: MicroStrategy is unable to reproduce the issue reported in any version of its product
CVE-2020-11452 1 Microstrategy 1 Microstrategy Web 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the local system using the file:// stream wrapper.
CVE-2020-10980 1 Gitlab 1 Gitlab 2024-11-21 7.5 HIGH 9.8 CRITICAL
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.
CVE-2020-10956 1 Gitlab 1 Gitlab 2024-11-21 7.5 HIGH 9.8 CRITICAL
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.
CVE-2020-10791 1 It-novum 1 Openitcockpit 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module.
CVE-2020-10770 1 Redhat 1 Keycloak 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
CVE-2020-10252 1 Owncloud 1 Owncloud 2024-11-21 6.5 MEDIUM 8.3 HIGH
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.
CVE-2020-10212 1 Tecrail 1 Responsive Filemanager 2024-11-21 7.5 HIGH 9.8 CRITICAL
upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the PATH_INFO. Also, an attacker could create a DNS hostname that resolves to the 0.0.0.0 IP address for DNS pinning. NOTE: this issue exists because of an incomplete fix for CVE-2018-14728.
CVE-2020-10077 1 Gitlab 1 Gitlab 2024-11-21 7.5 HIGH 9.8 CRITICAL
GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk.
CVE-2019-9827 1 Hawt 1 Hawtio 2024-11-21 7.5 HIGH 9.8 CRITICAL
Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.
CVE-2019-9621 1 Zimbra 1 Collaboration Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.