CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
CVE-2023-41804 (GCVE-0-2023-41804)
Vulnerability from cvelistv5 – Published: 2023-12-07 10:58 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress Starter Templates Plugin <= 3.2.4 is vulnerable to Server Side Request Forgery (SSRF)
Summary
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4.
Severity
7.1 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/ast… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Brainstorm Force | Starter Templates — Elementor, WordPress & Beaver Builder Templates |
Affected:
n/a , ≤ 3.2.4
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:48.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "astra-sites",
"product": "Starter Templates \u2014 Elementor, WordPress \u0026 Beaver Builder Templates",
"vendor": "Brainstorm Force",
"versions": [
{
"changes": [
{
"at": "3.2.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.2.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates \u2014 Elementor, WordPress \u0026 Beaver Builder Templates.\u003cp\u003eThis issue affects Starter Templates \u2014 Elementor, WordPress \u0026 Beaver Builder Templates: from n/a through 3.2.4.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates \u2014 Elementor, WordPress \u0026 Beaver Builder Templates.This issue affects Starter Templates \u2014 Elementor, WordPress \u0026 Beaver Builder Templates: from n/a through 3.2.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:38.795Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u00a03.2.5 or a higher version."
}
],
"value": "Update to\u00a03.2.5 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Starter Templates Plugin \u003c= 3.2.4 is vulnerable to Server Side Request Forgery (SSRF)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-41804",
"datePublished": "2023-12-07T10:58:43.110Z",
"dateReserved": "2023-09-01T11:55:20.628Z",
"dateUpdated": "2026-04-28T16:08:38.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-41899 (GCVE-0-2023-41899)
Vulnerability from cvelistv5 – Published: 2023-10-19 22:18 – Updated: 2024-09-12 15:10
VLAI
Title
Partial Server-Side Request Forgery in Home Assistant Core
Summary
Home assistant is an open source home automation. In affected versions the `hassio.addon_stdin` is vulnerable to a partial Server-Side Request Forgery where an attacker capable of calling this service (e.g.: through GHSA-h2jp-7grc-9xpp) may be able to invoke any Supervisor REST API endpoints with a POST request. An attacker able to exploit will be able to control the data dictionary, including its addon and input key/values. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-162`.
Severity
6.6 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/home-assistant/core/security/a… | x_refsource_CONFIRM |
| https://github.com/home-assistant/core/security/a… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| home-assistant | core |
Affected:
< 2023.9.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/home-assistant/core/security/advisories/GHSA-4r74-h49q-rr3h",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/home-assistant/core/security/advisories/GHSA-4r74-h49q-rr3h"
},
{
"name": "https://github.com/home-assistant/core/security/advisories/GHSA-h2jp-7grc-9xpp",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/home-assistant/core/security/advisories/GHSA-h2jp-7grc-9xpp"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T15:10:25.403844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T15:10:42.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "core",
"vendor": "home-assistant",
"versions": [
{
"status": "affected",
"version": "\u003c 2023.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Home assistant is an open source home automation. In affected versions the `hassio.addon_stdin` is vulnerable to a partial Server-Side Request Forgery where an attacker capable of calling this service (e.g.: through GHSA-h2jp-7grc-9xpp) may be able to invoke any Supervisor REST API endpoints with a POST request. An attacker able to exploit will be able to control the data dictionary, including its addon and input key/values. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-162`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T22:18:31.224Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/home-assistant/core/security/advisories/GHSA-4r74-h49q-rr3h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/home-assistant/core/security/advisories/GHSA-4r74-h49q-rr3h"
},
{
"name": "https://github.com/home-assistant/core/security/advisories/GHSA-h2jp-7grc-9xpp",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/home-assistant/core/security/advisories/GHSA-h2jp-7grc-9xpp"
}
],
"source": {
"advisory": "GHSA-4r74-h49q-rr3h",
"discovery": "UNKNOWN"
},
"title": "Partial Server-Side Request Forgery in Home Assistant Core "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41899",
"datePublished": "2023-10-19T22:18:31.224Z",
"dateReserved": "2023-09-04T16:31:48.226Z",
"dateUpdated": "2024-09-12T15:10:42.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42439 (GCVE-0-2023-42439)
Vulnerability from cvelistv5 – Published: 2023-09-15 20:22 – Updated: 2024-09-25 17:28
VLAI
Title
GeoNode SSRF Bypass to return internal host data
Summary
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network. The application is using a whitelist, but the whitelist can be bypassed. The bypass will trick the application that the first host is a whitelisted address, but the browser will use `@` or `%40` as a credential to the host geoserver on port 8080, this will return the data to that host on the response. Version 4.1.3.post1 is the first available version that contains a patch.
Severity
7.5 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/GeoNode/geonode/security/advis… | x_refsource_CONFIRM |
| https://github.com/GeoNode/geonode/commit/79ac6e7… | x_refsource_MISC |
| https://github.com/GeoNode/geonode/releases/tag/4.1.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:38.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/GeoNode/geonode/security/advisories/GHSA-pxg5-h34r-7q8p",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-pxg5-h34r-7q8p"
},
{
"name": "https://github.com/GeoNode/geonode/commit/79ac6e70419c2e0261548bed91c159b54ff35b8d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/GeoNode/geonode/commit/79ac6e70419c2e0261548bed91c159b54ff35b8d"
},
{
"name": "https://github.com/GeoNode/geonode/releases/tag/4.1.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/GeoNode/geonode/releases/tag/4.1.3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42439",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T17:28:13.631220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T17:28:23.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geonode",
"vendor": "GeoNode",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.2.0, \u003c= 4.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network. The application is using a whitelist, but the whitelist can be bypassed. The bypass will trick the application that the first host is a whitelisted address, but the browser will use `@` or `%40` as a credential to the host geoserver on port 8080, this will return the data to that host on the response. Version 4.1.3.post1 is the first available version that contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-20T19:32:33.623Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/GeoNode/geonode/security/advisories/GHSA-pxg5-h34r-7q8p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-pxg5-h34r-7q8p"
},
{
"name": "https://github.com/GeoNode/geonode/commit/79ac6e70419c2e0261548bed91c159b54ff35b8d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/GeoNode/geonode/commit/79ac6e70419c2e0261548bed91c159b54ff35b8d"
},
{
"name": "https://github.com/GeoNode/geonode/releases/tag/4.1.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/GeoNode/geonode/releases/tag/4.1.3"
}
],
"source": {
"advisory": "GHSA-pxg5-h34r-7q8p",
"discovery": "UNKNOWN"
},
"title": "GeoNode SSRF Bypass to return internal host data"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-42439",
"datePublished": "2023-09-15T20:22:19.102Z",
"dateReserved": "2023-09-08T20:57:45.571Z",
"dateUpdated": "2024-09-25T17:28:23.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42450 (GCVE-0-2023-42450)
Vulnerability from cvelistv5 – Published: 2023-09-19 15:53 – Updated: 2025-06-18 14:28
VLAI
Title
Mastodon Server-Side Request Forgery vulnerability
Summary
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if the server configuration includes `ALLOWED_PRIVATE_ADDRESSES` to allow access to local exploitable services. Version 4.2.0-rc2 has a patch for the issue.
Severity
5.4 (Medium)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/mastodon/mastodon/security/adv… | x_refsource_CONFIRM |
| https://github.com/mastodon/mastodon/commit/94893… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:38.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/mastodon/mastodon/security/advisories/GHSA-hcqf-fw2r-52g4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-hcqf-fw2r-52g4"
},
{
"name": "https://github.com/mastodon/mastodon/commit/94893cf24fc95b32cc7a756262acbe008c20a9d2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mastodon/mastodon/commit/94893cf24fc95b32cc7a756262acbe008c20a9d2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42450",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T14:28:37.435949Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T14:28:57.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mastodon",
"vendor": "mastodon",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.2.0-beta1, \u003c 4.2.0-rc2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if the server configuration includes `ALLOWED_PRIVATE_ADDRESSES` to allow access to local exploitable services. Version 4.2.0-rc2 has a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-113",
"description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-25T14:32:40.787Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mastodon/mastodon/security/advisories/GHSA-hcqf-fw2r-52g4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-hcqf-fw2r-52g4"
},
{
"name": "https://github.com/mastodon/mastodon/commit/94893cf24fc95b32cc7a756262acbe008c20a9d2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mastodon/mastodon/commit/94893cf24fc95b32cc7a756262acbe008c20a9d2"
}
],
"source": {
"advisory": "GHSA-hcqf-fw2r-52g4",
"discovery": "UNKNOWN"
},
"title": "Mastodon Server-Side Request Forgery vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-42450",
"datePublished": "2023-09-19T15:53:39.685Z",
"dateReserved": "2023-09-08T20:57:45.573Z",
"dateUpdated": "2025-06-18T14:28:57.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42477 (GCVE-0-2023-42477)
Vulnerability from cvelistv5 – Published: 2023-10-10 01:37 – Updated: 2024-09-18 18:55
VLAI
Title
Server-Side Request Forgery in SAP NetWeaver AS Java (GRMG Heartbeat application)
Summary
SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application.
Severity
6.5 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP_SE | SAP NetWeaver AS Java |
Affected:
7.50
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:39.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://me.sap.com/notes/3333426"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T18:54:26.974833Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:55:58.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver AS Java",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "7.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50,\u00a0allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application.\u003c/p\u003e"
}
],
"value": "SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50,\u00a0allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T01:37:54.816Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3333426"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Server-Side Request Forgery in SAP NetWeaver AS Java (GRMG Heartbeat application)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2023-42477",
"datePublished": "2023-10-10T01:37:54.816Z",
"dateReserved": "2023-09-11T07:15:13.775Z",
"dateUpdated": "2024-09-18T18:55:58.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42812 (GCVE-0-2023-42812)
Vulnerability from cvelistv5 – Published: 2023-09-22 16:07 – Updated: 2024-09-24 14:25
VLAI
Title
Galaxy vulnerable to Server Side Request Forgery during data imports
Summary
Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue.
Severity
6.3 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/galaxyproject/galaxy/security/… | x_refsource_CONFIRM |
| https://github.com/galaxyproject/galaxy/blob/06d5… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| galaxyproject | galaxy |
Affected:
< 22.05
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:23.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh"
},
{
"name": "https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:galaxyproject:galaxy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "galaxy",
"vendor": "galaxyproject",
"versions": [
{
"lessThan": "22.05",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42812",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:16:11.186927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:25:37.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "galaxy",
"vendor": "galaxyproject",
"versions": [
{
"status": "affected",
"version": "\u003c 22.05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T16:07:02.731Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh"
},
{
"name": "https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py"
}
],
"source": {
"advisory": "GHSA-vf5q-r8p9-35xh",
"discovery": "UNKNOWN"
},
"title": "Galaxy vulnerable to Server Side Request Forgery during data imports"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-42812",
"datePublished": "2023-09-22T16:07:02.731Z",
"dateReserved": "2023-09-14T16:13:33.308Z",
"dateUpdated": "2024-09-24T14:25:37.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43654 (GCVE-0-2023-43654)
Vulnerability from cvelistv5 – Published: 2023-09-28 22:10 – Updated: 2025-02-13 17:13
VLAI
Title
TorchServe Server-Side Request Forgery
Summary
TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue.
Severity
10 (Critical)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/pytorch/serve/security/advisor… | x_refsource_CONFIRM |
| https://github.com/pytorch/serve/pull/2534 | x_refsource_MISC |
| https://github.com/pytorch/serve/releases/tag/v0.8.2 | x_refsource_MISC |
| http://packetstormsecurity.com/files/175095/PyTor… |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pytorch/serve/security/advisories/GHSA-8fxr-qfr9-p34w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pytorch/serve/security/advisories/GHSA-8fxr-qfr9-p34w"
},
{
"name": "https://github.com/pytorch/serve/pull/2534",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pytorch/serve/pull/2534"
},
{
"name": "https://github.com/pytorch/serve/releases/tag/v0.8.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pytorch/serve/releases/tag/v0.8.2"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pytorch:torchserve:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "torchserve",
"vendor": "pytorch",
"versions": [
{
"lessThan": "0.8.2",
"status": "affected",
"version": "0.1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43654",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T18:11:45.025680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T18:12:51.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "serve",
"vendor": "pytorch",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.1.0, \u003c 0.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T15:06:29.225Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pytorch/serve/security/advisories/GHSA-8fxr-qfr9-p34w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pytorch/serve/security/advisories/GHSA-8fxr-qfr9-p34w"
},
{
"name": "https://github.com/pytorch/serve/pull/2534",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pytorch/serve/pull/2534"
},
{
"name": "https://github.com/pytorch/serve/releases/tag/v0.8.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pytorch/serve/releases/tag/v0.8.2"
},
{
"url": "http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html"
}
],
"source": {
"advisory": "GHSA-8fxr-qfr9-p34w",
"discovery": "UNKNOWN"
},
"title": "TorchServe Server-Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43654",
"datePublished": "2023-09-28T22:10:09.497Z",
"dateReserved": "2023-09-20T15:35:38.147Z",
"dateUpdated": "2025-02-13T17:13:27.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43795 (GCVE-0-2023-43795)
Vulnerability from cvelistv5 – Published: 2023-10-24 22:14 – Updated: 2024-09-17 14:15
VLAI
Title
WPS Server Side Request Forgery in GeoServer
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.
Severity
8.6 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/geoserver/geoserver/security/a… | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T13:52:43.998305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:15:26.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.22.5"
},
{
"status": "affected",
"version": "\u003e= 2.23.0, \u003c 2.23.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T22:14:30.956Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
}
],
"source": {
"advisory": "GHSA-5pr3-m5hm-9956",
"discovery": "UNKNOWN"
},
"title": "WPS Server Side Request Forgery in GeoServer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43795",
"datePublished": "2023-10-24T22:14:30.956Z",
"dateReserved": "2023-09-22T14:51:42.339Z",
"dateUpdated": "2024-09-17T14:15:26.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43798 (GCVE-0-2023-43798)
Vulnerability from cvelistv5 – Published: 2023-10-30 22:24 – Updated: 2024-09-05 20:19
VLAI
Title
BigBlueButton Blind SSRF When Uploading Presentation (mitigation bypass)
Summary
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclient.execute` since the software no longer has to follow it when using `finalUrl`. There are no known workarounds. We recommend upgrading to a patched version of BigBlueButton.
Severity
5.6 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/bigbluebutton/bigbluebutton/se… | x_refsource_CONFIRM |
| https://github.com/bigbluebutton/bigbluebutton/se… | x_refsource_MISC |
| https://github.com/bigbluebutton/bigbluebutton/pu… | x_refsource_MISC |
| https://github.com/bigbluebutton/bigbluebutton/pu… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bigbluebutton | bigbluebutton |
Affected:
< 2.6.12
Affected: >= 2.7.0-alpha.1, < 2.7.0-rc.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-h98v-2h8w-99c4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-h98v-2h8w-99c4"
},
{
"name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-3q22-hph2-cff7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-3q22-hph2-cff7"
},
{
"name": "https://github.com/bigbluebutton/bigbluebutton/pull/18494",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bigbluebutton/bigbluebutton/pull/18494"
},
{
"name": "https://github.com/bigbluebutton/bigbluebutton/pull/18580",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bigbluebutton/bigbluebutton/pull/18580"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T20:19:07.980053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T20:19:17.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bigbluebutton",
"vendor": "bigbluebutton",
"versions": [
{
"status": "affected",
"version": "\u003c 2.6.12"
},
{
"status": "affected",
"version": "\u003e= 2.7.0-alpha.1, \u003c 2.7.0-rc.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclient.execute` since the software no longer has to follow it when using `finalUrl`. There are no known workarounds. We recommend upgrading to a patched version of BigBlueButton."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T22:24:59.109Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-h98v-2h8w-99c4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-h98v-2h8w-99c4"
},
{
"name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-3q22-hph2-cff7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-3q22-hph2-cff7"
},
{
"name": "https://github.com/bigbluebutton/bigbluebutton/pull/18494",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bigbluebutton/bigbluebutton/pull/18494"
},
{
"name": "https://github.com/bigbluebutton/bigbluebutton/pull/18580",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bigbluebutton/bigbluebutton/pull/18580"
}
],
"source": {
"advisory": "GHSA-h98v-2h8w-99c4",
"discovery": "UNKNOWN"
},
"title": "BigBlueButton Blind SSRF When Uploading Presentation (mitigation bypass)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43798",
"datePublished": "2023-10-30T22:24:59.109Z",
"dateReserved": "2023-09-22T14:51:42.340Z",
"dateUpdated": "2024-09-05T20:19:17.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44313 (GCVE-0-2023-44313)
Vulnerability from cvelistv5 – Published: 2024-01-31 08:49 – Updated: 2025-02-13 17:13
VLAI
Title
Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API
Summary
Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests.This issue affects Apache ServiceComb before 2.1.0(include).
Users are recommended to upgrade to version 2.2.0, which fixes the issue.
Severity
7.6 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache ServiceComb Service-Center |
Affected:
0 , ≤ 2.1.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:52.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/kxovd455o9h4f2v811hcov2qknbwld5r"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-01T20:36:46.059492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:20:59.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache ServiceComb Service-Center",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u82cf \u5b89 \u003csuanwell@hotmail.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests.\u003cp\u003eThis issue affects Apache ServiceComb before 2.1.0(include).\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.2.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests.This issue affects Apache ServiceComb before 2.1.0(include).\n\nUsers are recommended to upgrade to version 2.2.0, which fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T08:50:06.797Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/kxovd455o9h4f2v811hcov2qknbwld5r"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-44313",
"datePublished": "2024-01-31T08:49:45.962Z",
"dateReserved": "2023-09-28T13:17:56.101Z",
"dateUpdated": "2025-02-13T17:13:39.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.