CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
CVE-2022-39039 (GCVE-0-2022-39039)
Vulnerability from cvelistv5 – Published: 2023-01-03 00:00 – Updated: 2025-04-10 15:34
VLAI
Title
aEnrich a+HRD - Server-Side Request Forgery (SSRF)
Summary
aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) request to launch Server-Side Request Forgery (SSRF) attack, to perform arbitrary system command or disrupt service.
Severity
9.8 (Critical)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
Date Public
2022-12-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:10:32.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6792-c4a62-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T15:34:28.031976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T15:34:48.454Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a+HRD",
"vendor": "aEnrich",
"versions": [
{
"lessThanOrEqual": "7.0",
"status": "affected",
"version": "6.8",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "aEnrich\u2019s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) request to launch Server-Side Request Forgery (SSRF) attack, to perform arbitrary system command or disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-03T00:00:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-6792-c4a62-1.html"
}
],
"source": {
"advisory": "TVN-202210019",
"discovery": "EXTERNAL"
},
"title": "aEnrich a+HRD - Server-Side Request Forgery (SSRF)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-39039",
"datePublished": "2023-01-03T00:00:00.000Z",
"dateReserved": "2022-08-30T00:00:00.000Z",
"dateUpdated": "2025-04-10T15:34:48.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39055 (GCVE-0-2022-39055)
Vulnerability from cvelistv5 – Published: 2022-10-18 05:40 – Updated: 2025-05-09 14:51
VLAI
Title
Changing Information Technology Inc. RAVA certificate validation system - Server-Side Request Forgery (SSRF)
Summary
RAVA certificate validation system has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform SSRF attack to discover internal network topology base on query response.
Severity
5.3 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Changing Information Technology Inc. | RAVA certificate validation system |
Affected:
3
|
Date Public
2022-10-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:10:32.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6616-9092f-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39055",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T14:51:20.623684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T14:51:35.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RAVA certificate validation system",
"vendor": "Changing Information Technology Inc.",
"versions": [
{
"status": "affected",
"version": "3"
}
]
}
],
"datePublic": "2022-10-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "RAVA certificate validation system has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform SSRF attack to discover internal network topology base on query response."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-6616-9092f-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Contact tech support from Changing Information Technology Inc."
}
],
"source": {
"advisory": "TVN-202209011",
"discovery": "EXTERNAL"
},
"title": "Changing Information Technology Inc. RAVA certificate validation system - Server-Side Request Forgery (SSRF)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-39055",
"datePublished": "2022-10-18T05:40:19.195Z",
"dateReserved": "2022-08-31T00:00:00.000Z",
"dateUpdated": "2025-05-09T14:51:35.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39211 (GCVE-0-2022-39211)
Vulnerability from cvelistv5 – Published: 2022-09-16 23:10 – Updated: 2025-04-23 16:58
VLAI
Title
Server-Side Request Forgery (SSRF) via potential filter bypass in Nextcloud Server
Summary
Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue.
Severity
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/server/pull/32988 | x_refsource_MISC |
| https://github.com/nextcloud/server/pull/33031 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 23.0.8
Affected: >= 24.0.0, < 24.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:43.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rmf9-w497-8cq8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/pull/32988"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/pull/33031"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:57:36.117486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:58:46.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 23.0.8"
},
{
"status": "affected",
"version": "\u003e= 24.0.0, \u003c 24.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T23:10:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rmf9-w497-8cq8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/32988"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/33031"
}
],
"source": {
"advisory": "GHSA-rmf9-w497-8cq8",
"discovery": "UNKNOWN"
},
"title": "Server-Side Request Forgery (SSRF) via potential filter bypass in Nextcloud Server",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-39211",
"STATE": "PUBLIC",
"TITLE": "Server-Side Request Forgery (SSRF) via potential filter bypass in Nextcloud Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 23.0.8"
},
{
"version_value": "\u003e= 24.0.0, \u003c 24.0.4"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rmf9-w497-8cq8",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rmf9-w497-8cq8"
},
{
"name": "https://github.com/nextcloud/server/pull/32988",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/pull/32988"
},
{
"name": "https://github.com/nextcloud/server/pull/33031",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/pull/33031"
}
]
},
"source": {
"advisory": "GHSA-rmf9-w497-8cq8",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39211",
"datePublished": "2022-09-16T23:10:10.000Z",
"dateReserved": "2022-09-02T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:58:46.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39239 (GCVE-0-2022-39239)
Vulnerability from cvelistv5 – Published: 2022-09-23 07:55 – Updated: 2025-04-23 16:56
VLAI
Title
nefly-ipx subject to Server-Side Request Forgery and Stored Cross-Site Scripting via Cache Poisoning and Improper Host Validation
Summary
netlify-ipx is an on-Demand image optimization for Netlify using ipx. In versions prior to 1.2.3, an attacker can bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is cached globally, this image will then be served to visitors without requiring those headers to be set. XSS can be achieved by requesting a malicious SVG with embedded scripts, which would then be served from the site domain. Note that this does not apply to images loaded in `<img>` tags, as scripts do not execute in this context. The image URL can be set in the header independently of the request URL, meaning any site images that have not previously been cached can have their cache poisoned. This problem has been fixed in version 1.2.3. As a workaround, cached content can be cleared by re-deploying the site.
Severity
6.1 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/netlify/netlify-ipx/security/a… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| netlify | netlify-ipx |
Affected:
< 1.2.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:43.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/netlify/netlify-ipx/security/advisories/GHSA-9jjv-524m-jm98"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:57:10.332253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:56:05.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "netlify-ipx",
"vendor": "netlify",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "netlify-ipx is an on-Demand image optimization for Netlify using ipx. In versions prior to 1.2.3, an attacker can bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is cached globally, this image will then be served to visitors without requiring those headers to be set. XSS can be achieved by requesting a malicious SVG with embedded scripts, which would then be served from the site domain. Note that this does not apply to images loaded in `\u003cimg\u003e` tags, as scripts do not execute in this context. The image URL can be set in the header independently of the request URL, meaning any site images that have not previously been cached can have their cache poisoned. This problem has been fixed in version 1.2.3. As a workaround, cached content can be cleared by re-deploying the site."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-23T07:55:08.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netlify/netlify-ipx/security/advisories/GHSA-9jjv-524m-jm98"
}
],
"source": {
"advisory": "GHSA-9jjv-524m-jm98",
"discovery": "UNKNOWN"
},
"title": "nefly-ipx subject to Server-Side Request Forgery and Stored Cross-Site Scripting via Cache Poisoning and Improper Host Validation",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-39239",
"STATE": "PUBLIC",
"TITLE": "nefly-ipx subject to Server-Side Request Forgery and Stored Cross-Site Scripting via Cache Poisoning and Improper Host Validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "netlify-ipx",
"version": {
"version_data": [
{
"version_value": "\u003c 1.2.3"
}
]
}
}
]
},
"vendor_name": "netlify"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "netlify-ipx is an on-Demand image optimization for Netlify using ipx. In versions prior to 1.2.3, an attacker can bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is cached globally, this image will then be served to visitors without requiring those headers to be set. XSS can be achieved by requesting a malicious SVG with embedded scripts, which would then be served from the site domain. Note that this does not apply to images loaded in `\u003cimg\u003e` tags, as scripts do not execute in this context. The image URL can be set in the header independently of the request URL, meaning any site images that have not previously been cached can have their cache poisoned. This problem has been fixed in version 1.2.3. As a workaround, cached content can be cleared by re-deploying the site."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/netlify/netlify-ipx/security/advisories/GHSA-9jjv-524m-jm98",
"refsource": "CONFIRM",
"url": "https://github.com/netlify/netlify-ipx/security/advisories/GHSA-9jjv-524m-jm98"
}
]
},
"source": {
"advisory": "GHSA-9jjv-524m-jm98",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39239",
"datePublished": "2022-09-23T07:55:08.000Z",
"dateReserved": "2022-09-02T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:56:05.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39241 (GCVE-0-2022-39241)
Vulnerability from cvelistv5 – Published: 2022-11-02 00:00 – Updated: 2025-04-23 16:41
VLAI
Title
Possible Server-Side Request Forgery (SSRF) in webhooks
Summary
Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest `stable`, `beta`, and `test-passed` versions are now patched. As a workaround, self-hosters can use `DISCOURSE_BLOCKED_IP_BLOCKS` env var (which overrides `blocked_ip_blocks` setting) to stop webhooks from accessing private IPs.
Severity
7.6 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:43.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39241",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:55:26.567048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:41:51.692Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.8.9"
},
{
"status": "affected",
"version": "\u003c= 2.9.0.beta10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest `stable`, `beta`, and `test-passed` versions are now patched. As a workaround, self-hosters can use `DISCOURSE_BLOCKED_IP_BLOCKS` env var (which overrides `blocked_ip_blocks` setting) to stop webhooks from accessing private IPs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr"
}
],
"source": {
"advisory": "GHSA-rcc5-28r3-23rr",
"discovery": "UNKNOWN"
},
"title": "Possible Server-Side Request Forgery (SSRF) in webhooks"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39241",
"datePublished": "2022-11-02T00:00:00.000Z",
"dateReserved": "2022-09-02T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:41:51.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39276 (GCVE-0-2022-39276)
Vulnerability from cvelistv5 – Published: 2022-11-03 00:00 – Updated: 2025-04-22 16:08
VLAI
Title
Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning
Summary
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. In case a remote script returns a redirect response, the redirect target URL is not checked against the URL allow list defined by administrator. This issue has been patched, please upgrade to 10.0.4. There are currently no known workarounds.
Severity
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| glpi-project | glpi |
Affected:
< 10.0.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:43.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-8vwg-7x42-7v6p"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7a88f92b-1ee2-4ca8-9cf8-05fcf6cfe73f/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39276",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:43:08.744306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:08:44.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "glpi",
"vendor": "glpi-project",
"versions": [
{
"status": "affected",
"version": "\u003c 10.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. In case a remote script returns a redirect response, the redirect target URL is not checked against the URL allow list defined by administrator. This issue has been patched, please upgrade to 10.0.4. There are currently no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-03T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-8vwg-7x42-7v6p"
},
{
"url": "https://huntr.dev/bounties/7a88f92b-1ee2-4ca8-9cf8-05fcf6cfe73f/"
}
],
"source": {
"advisory": "GHSA-8vwg-7x42-7v6p",
"discovery": "UNKNOWN"
},
"title": "Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39276",
"datePublished": "2022-11-03T00:00:00.000Z",
"dateReserved": "2022-09-02T00:00:00.000Z",
"dateUpdated": "2025-04-22T16:08:44.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39383 (GCVE-0-2022-39383)
Vulnerability from cvelistv5 – Published: 2022-11-16 00:00 – Updated: 2025-04-23 16:37
VLAI
Title
SSRF vulnerability in KubeVela VelaUX APIServer
Summary
KubeVela is an open source application delivery platform. Users using the VelaUX APIServer could be affected by this vulnerability. When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability. Users who're using v1.6, please update the v1.6.1. Users who're using v1.5, please update the v1.5.8. There are no known workarounds for this issue.
Severity
4.9 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kubevela/kubevela/security/advisories/GHSA-m5xf-x7q6-3rm7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kubevela/kubevela/pull/5000"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:54:21.246181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:37:02.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kubevela",
"vendor": "kubevela",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6.0, \u003c 1.6.1"
},
{
"status": "affected",
"version": "\u003c 1.5.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KubeVela is an open source application delivery platform. Users using the VelaUX APIServer could be affected by this vulnerability. When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability. Users who\u0027re using v1.6, please update the v1.6.1. Users who\u0027re using v1.5, please update the v1.5.8. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-16T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/kubevela/kubevela/security/advisories/GHSA-m5xf-x7q6-3rm7"
},
{
"url": "https://github.com/kubevela/kubevela/pull/5000"
}
],
"source": {
"advisory": "GHSA-m5xf-x7q6-3rm7",
"discovery": "UNKNOWN"
},
"title": "SSRF vulnerability in KubeVela VelaUX APIServer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39383",
"datePublished": "2022-11-16T00:00:00.000Z",
"dateReserved": "2022-09-02T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:37:02.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40146 (GCVE-0-2022-40146)
Vulnerability from cvelistv5 – Published: 2022-09-22 00:00 – Updated: 2025-11-03 19:27
VLAI
Title
Jar url should be blocked by DefaultScriptSecurity
Summary
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.
Severity
No CVSS data available.
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/hxtddqjty2sbs12y9… | |
| https://lists.debian.org/debian-lts-announce/2023… | mailing-list |
| https://security.gentoo.org/glsa/202401-11 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache XML Graphics |
Affected:
Batik 1.14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:27:34.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx"
},
{
"name": "[debian-lts-announce] 20231014 [SECURITY] [DLA 3619-1] batik security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html"
},
{
"name": "GLSA-202401-11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-11"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache XML Graphics",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Batik 1.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-07T11:06:18.978Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx"
},
{
"name": "[debian-lts-announce] 20231014 [SECURITY] [DLA 3619-1] batik security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html"
},
{
"name": "GLSA-202401-11",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-11"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Jar url should be blocked by DefaultScriptSecurity",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-40146",
"datePublished": "2022-09-22T00:00:00.000Z",
"dateReserved": "2022-09-07T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:27:34.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-40296 (GCVE-0-2022-40296)
Vulnerability from cvelistv5 – Published: 2022-10-31 20:07 – Updated: 2025-05-06 19:15
VLAI
Title
Server-side request forgery (SSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.
Summary
The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.
Severity
9.8 (Critical)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PHP Point of Sale LLC | PHP Point of Sale |
Affected:
19.0
|
Date Public
2022-10-28 13:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:40.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.themissinglink.com.au/security-advisories/cve-2022-40296",
"tags": [
"x_transferred"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2022-40296"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-40296",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T19:14:35.735192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T19:15:40.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PHP Point of Sale",
"vendor": "PHP Point of Sale LLC",
"versions": [
{
"status": "affected",
"version": "19.0"
}
]
}
],
"datePublic": "2022-10-28T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eThe application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.\u003c/span\u003e\n\n"
}
],
"value": "\nThe application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T08:27:02.461Z",
"orgId": "07aac9b9-e3e9-4d03-a447-764bd31371d7",
"shortName": "TML"
},
"references": [
{
"name": "https://www.themissinglink.com.au/security-advisories/cve-2022-40296",
"url": "https://www.themissinglink.com.au/security-advisories/cve-2022-40296"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Server-side request forgery (SSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "07aac9b9-e3e9-4d03-a447-764bd31371d7",
"assignerShortName": "TML",
"cveId": "CVE-2022-40296",
"datePublished": "2022-10-31T20:07:56.767Z",
"dateReserved": "2022-09-08T00:00:00.000Z",
"dateUpdated": "2025-05-06T19:15:40.038Z",
"serial": 1,
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40312 (GCVE-0-2022-40312)
Vulnerability from cvelistv5 – Published: 2023-12-18 15:08 – Updated: 2026-04-28 16:07
VLAI
Title
WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Server Side Request Forgery (SSRF)
Summary
Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1.
Severity
5.5 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/giv… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GiveWP | GiveWP – Donation Plugin and Fundraising Platform |
Affected:
n/a , ≤ 2.25.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:40.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "give",
"product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"vendor": "GiveWP",
"versions": [
{
"changes": [
{
"at": "2.25.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.25.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform.\u003cp\u003eThis issue affects GiveWP \u2013 Donation Plugin and Fundraising Platform: from n/a through 2.25.1.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform.This issue affects GiveWP \u2013 Donation Plugin and Fundraising Platform: from n/a through 2.25.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:07:47.998Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u00a02.25.2 or a higher version."
}
],
"value": "Update to\u00a02.25.2 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress GiveWP Plugin \u003c= 2.25.1 is vulnerable to Server Side Request Forgery (SSRF)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-40312",
"datePublished": "2023-12-18T15:08:55.293Z",
"dateReserved": "2022-09-14T13:22:24.163Z",
"dateUpdated": "2026-04-28T16:07:47.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.