CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4620 vulnerabilities reference this CWE, most recent first.
GHSA-WR7J-7CG5-P3PV
Vulnerability from github – Published: 2024-06-04 21:32 – Updated: 2024-06-04 21:32Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability.
{
"affected": [],
"aliases": [
"CVE-2024-4219"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-04T21:15:35Z",
"severity": "MODERATE"
},
"details": "Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability.",
"id": "GHSA-wr7j-7cg5-p3pv",
"modified": "2024-06-04T21:32:22Z",
"published": "2024-06-04T21:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4219"
},
{
"type": "WEB",
"url": "https://www.beyondtrust.com/trust-center/security-advisories/BT24-05"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-WR7V-68P8-38HW
Vulnerability from github – Published: 2025-02-11 18:31 – Updated: 2025-02-11 18:31Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request forgery
{
"affected": [],
"aliases": [
"CVE-2025-22399"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-11T17:15:34Z",
"severity": "HIGH"
},
"details": "Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request forgery",
"id": "GHSA-wr7v-68p8-38hw",
"modified": "2025-02-11T18:31:35Z",
"published": "2025-02-11T18:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22399"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000279299/dsa-2025-043-security-update-for-dell-ucc-edge-security-update-for-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-WR82-63QC-G2H8
Vulnerability from github – Published: 2022-05-14 01:04 – Updated: 2022-05-14 01:04The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
{
"affected": [],
"aliases": [
"CVE-2017-9506"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-23T19:29:00Z",
"severity": "MODERATE"
},
"details": "The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).",
"id": "GHSA-wr82-63qc-g2h8",
"modified": "2022-05-14T01:04:28Z",
"published": "2022-05-14T01:04:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9506"
},
{
"type": "WEB",
"url": "https://ecosystem.atlassian.net/browse/OAUTH-344"
},
{
"type": "WEB",
"url": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3"
},
{
"type": "WEB",
"url": "https://twitter.com/Zer0Security/status/983529439433777152"
},
{
"type": "WEB",
"url": "https://twitter.com/ankit_anubhav/status/973566620676382721"
},
{
"type": "WEB",
"url": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WRF8-P6R2-XW72
Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2025-05-30 18:30An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed.
{
"affected": [],
"aliases": [
"CVE-2020-15594"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-30T18:15:00Z",
"severity": "MODERATE"
},
"details": "An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed.",
"id": "GHSA-wrf8-p6r2-xw72",
"modified": "2025-05-30T18:30:36Z",
"published": "2022-05-24T17:29:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15594"
},
{
"type": "WEB",
"url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2020-15594"
},
{
"type": "WEB",
"url": "https://excellium-services.com/cert-xlm-advisory/cve-2020-15594"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WRHR-54P6-Q97F
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-07-01 19:30Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals from the configured Active Directory server by default. These can forward to an RMI URL that causes Jenkins to deserialize attacker-controlled data, resulting in Remote Code Execution (RCE) on the Jenkins controller if deserialization "gadgets" are available on the classpath.
This allows attackers able to control the configured Active Directory server, or able to perform a machine-in-the-middle attack, to execute code on the Jenkins controller.
Active Directory Plugin 2.41.1 no longer follows LDAP referrals by default.
Administrators unable to update to a fixed version can start Jenkins with the Java system property hudson.plugins.active_directory.referral.ignore set to true to mitigate the vulnerability.
Administrators of Jenkins controllers requiring following LDAP referrals can set the Java system property hudson.plugins.active_directory.referral.ignore to false to restore the previous behavior.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:active-directory"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.41.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48918"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-01T19:30:25Z",
"nvd_published_at": "2026-05-27T15:16:31Z",
"severity": "MODERATE"
},
"details": "Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals from the configured Active Directory server by default. These can forward to an RMI URL that causes Jenkins to deserialize attacker-controlled data, resulting in Remote Code Execution (RCE) on the Jenkins controller if deserialization \"gadgets\" are available on the classpath.\n\nThis allows attackers able to control the configured Active Directory server, or able to perform a machine-in-the-middle attack, to execute code on the Jenkins controller.\n\nActive Directory Plugin 2.41.1 no longer follows LDAP referrals by default.\n\nAdministrators unable to update to a fixed version can start Jenkins with the Java system property `hudson.plugins.active_directory.referral.ignore` set to `true` to mitigate the vulnerability.\n\nAdministrators of Jenkins controllers requiring following LDAP referrals can set the Java system property `hudson.plugins.active_directory.referral.ignore` to `false` to restore the previous behavior.",
"id": "GHSA-wrhr-54p6-q97f",
"modified": "2026-07-01T19:30:25Z",
"published": "2026-05-27T15:33:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48918"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/active-directory-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3659"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Jenkins Active Directory Plugin follows LDAP referrals by default"
}
GHSA-WRR2-6XWV-W627
Vulnerability from github – Published: 2024-06-06 21:30 – Updated: 2024-06-06 21:30A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by hosting a malicious website and using it to perform actions such as internal port scanning, accessing internal web applications not exposed externally, and interacting with the Collector API. This interaction can lead to unauthorized actions such as arbitrary file deletion and limited Local File Inclusion (LFI), including accessing NGINX access logs which may contain sensitive information.
{
"affected": [],
"aliases": [
"CVE-2024-3149"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-06T19:16:00Z",
"severity": "CRITICAL"
},
"details": "A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by hosting a malicious website and using it to perform actions such as internal port scanning, accessing internal web applications not exposed externally, and interacting with the Collector API. This interaction can lead to unauthorized actions such as arbitrary file deletion and limited Local File Inclusion (LFI), including accessing NGINX access logs which may contain sensitive information.",
"id": "GHSA-wrr2-6xwv-w627",
"modified": "2024-06-06T21:30:37Z",
"published": "2024-06-06T21:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3149"
},
{
"type": "WEB",
"url": "https://github.com/mintplex-labs/anything-llm/commit/f4088d9348fa86dcebe9f97a18d39c0a6e92f15e"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/b230d76b-ae2d-440e-a25b-94ffaa7c4ff1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WRV9-8QW6-67RV
Vulnerability from github – Published: 2023-08-31 03:30 – Updated: 2023-08-31 03:30Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1.
{
"affected": [],
"aliases": [
"CVE-2023-4651"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-31T01:15:09Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1.",
"id": "GHSA-wrv9-8qw6-67rv",
"modified": "2023-08-31T03:30:36Z",
"published": "2023-08-31T03:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4651"
},
{
"type": "WEB",
"url": "https://github.com/instantsoft/icms2/commit/a6bf758de0b3242b0c0e4b47a588aae0c94305b0"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/beba9b98-2a5c-4629-987d-b67f47ba9437"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-WRW2-8VG5-G3JJ
Vulnerability from github – Published: 2022-01-19 00:01 – Updated: 2026-02-23 09:31SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities.
{
"affected": [],
"aliases": [
"CVE-2021-41809"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-18T17:15:00Z",
"severity": "MODERATE"
},
"details": "SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities.",
"id": "GHSA-wrw2-8vg5-g3jj",
"modified": "2026-02-23T09:31:17Z",
"published": "2022-01-19T00:01:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41809"
},
{
"type": "WEB",
"url": "https://empower.m-files.com/security-advisories/CVE-2021-41809"
},
{
"type": "WEB",
"url": "https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-41809"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WRW7-6RH3-QHMQ
Vulnerability from github – Published: 2024-12-30 00:30 – Updated: 2024-12-30 00:30A vulnerability, which was classified as problematic, was found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/book of the component Edit Book Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2024-13029"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-30T00:15:04Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as problematic, was found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/book of the component Edit Book Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-wrw7-6rh3-qhmq",
"modified": "2024-12-30T00:30:29Z",
"published": "2024-12-30T00:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13029"
},
{
"type": "WEB",
"url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/white-jotter/ServerSideRequestForgery-BookCoverURL.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.289722"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.289722"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.465942"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-WRX7-QGMJ-MF2Q
Vulnerability from github – Published: 2022-01-08 00:43 – Updated: 2022-01-07 23:16All request mappings in StreamingCoordinatorController.java handling /kylin/api/streaming_coordinator/* REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator. For endpoints accepting node details in HTTP message body, unauthenticated (but limited) server-side request forgery (SSRF) can be achieved. This issue affects Apache Kylin Apache Kylin 3 versions prior to 3.1.2.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.kylin:kylin"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-27738"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-07T23:16:38Z",
"nvd_published_at": "2022-01-06T13:15:00Z",
"severity": "MODERATE"
},
"details": "All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator. For endpoints accepting node details in HTTP message body, unauthenticated (but limited) server-side request forgery (SSRF) can be achieved. This issue affects Apache Kylin Apache Kylin 3 versions prior to 3.1.2.",
"id": "GHSA-wrx7-qgmj-mf2q",
"modified": "2022-01-07T23:16:38Z",
"published": "2022-01-08T00:43:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27738"
},
{
"type": "WEB",
"url": "https://github.com/apache/kylin/pull/1646"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/kylin"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/vkohh0to2vzwymyb2x13fszs3cs3vd70"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/01/06/6"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Server-Side Request Forgery in Apache Kylin"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.