CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
CVE-2020-8135 (GCVE-0-2020-8135)
Vulnerability from cvelistv5 – Published: 2020-03-20 18:26 – Updated: 2024-08-04 09:48
VLAI
Summary
The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems.
Severity
No CVSS data available.
CWE
- CWE-918 - Server-Side Request Forgery (SSRF) (CWE-918)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://hackerone.com/reports/786956 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/786956"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "uppy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed Version: 1.9.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The uppy npm package \u003c 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF) (CWE-918)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-20T18:26:32.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/786956"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "uppy",
"version": {
"version_data": [
{
"version_value": "Fixed Version: 1.9.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The uppy npm package \u003c 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) (CWE-918)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/786956",
"refsource": "MISC",
"url": "https://hackerone.com/reports/786956"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8135",
"datePublished": "2020-03-20T18:26:32.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:48:25.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8138 (GCVE-0-2020-8138)
Vulnerability from cvelistv5 – Published: 2020-03-20 20:12 – Updated: 2024-08-04 09:48
VLAI
Summary
A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL.
Severity
No CVSS data available.
CWE
- CWE-918 - Server-Side Request Forgery (SSRF) (CWE-918)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://hackerone.com/reports/736867 | x_refsource_MISC |
| https://nextcloud.com/security/advisory/?id=NC-SA… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Nextcloud Server |
Affected:
Fixed in 17.0.2, 16.0.7, and 15.0.14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/736867"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-014"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 17.0.2, 16.0.7, and 15.0.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing check for IPv4 nested inside IPv6 in Nextcloud server \u003c 17.0.1, \u003c 16.0.7, and \u003c 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF) (CWE-918)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-20T20:12:26.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/736867"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-014"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Server",
"version": {
"version_data": [
{
"version_value": "Fixed in 17.0.2, 16.0.7, and 15.0.14"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing check for IPv4 nested inside IPv6 in Nextcloud server \u003c 17.0.1, \u003c 16.0.7, and \u003c 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) (CWE-918)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/736867",
"refsource": "MISC",
"url": "https://hackerone.com/reports/736867"
},
{
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-014",
"refsource": "CONFIRM",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-014"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8138",
"datePublished": "2020-03-20T20:12:26.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:48:25.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8205 (GCVE-0-2020-8205)
Vulnerability from cvelistv5 – Published: 2020-07-20 15:00 – Updated: 2024-08-04 09:56
VLAI
Summary
The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems.
Severity
No CVSS data available.
CWE
- CWE-918 - Server-Side Request Forgery (SSRF) (CWE-918)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://hackerone.com/reports/891270 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/891270"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "uppy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed Versions: 1.13.2, 2.0.0-alpha.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The uppy npm package \u003c 1.13.2 and \u003c 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF) (CWE-918)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-20T15:00:53.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/891270"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "uppy",
"version": {
"version_data": [
{
"version_value": "Fixed Versions: 1.13.2, 2.0.0-alpha.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The uppy npm package \u003c 1.13.2 and \u003c 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) (CWE-918)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/891270",
"refsource": "MISC",
"url": "https://hackerone.com/reports/891270"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8205",
"datePublished": "2020-07-20T15:00:53.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:56:27.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8555 (GCVE-0-2020-8555)
Vulnerability from cvelistv5 – Published: 2020-06-04 21:50 – Updated: 2024-09-16 18:39
VLAI
Title
Kubernetes kube-controller-manager SSRF
Summary
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
Severity
6.3 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2020/06/01/4 | mailing-listx_refsource_MLIST |
| https://groups.google.com/d/topic/kubernetes-secu… | mailing-listx_refsource_MLIST |
| https://github.com/kubernetes/kubernetes/issues/91542 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.netapp.com/advisory/ntap-2020072… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2021/05/04/8 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kubernetes | Kubernetes |
Affected:
1.18.0
Affected: 1.1 Affected: 1.2 Affected: 1.3 Affected: 1.4 Affected: 1.5 Affected: 1.6 Affected: 1.7 Affected: 1.8 Affected: 1.9 Affected: 1.10 Affected: 1.11 Affected: 1.12 Affected: 1.13 Affected: 1.14 Affected: 1.15 , < 1.15.12 (custom) Affected: 1.16 , < 1.16.9 (custom) Affected: 1.17 , < 1.17.5 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20200601 CVE-2020-8555: Kubernetes: Half-Blind SSRF in kube-controller-manager",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/01/4"
},
{
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/91542"
},
{
"name": "FEDORA-2020-aeea04cd13",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200724-0005/"
},
{
"name": "[oss-security] 20210504 [kubernetes] CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "1.18.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
},
{
"status": "affected",
"version": "1.12"
},
{
"status": "affected",
"version": "1.13"
},
{
"status": "affected",
"version": "1.14"
},
{
"lessThan": "1.15.12",
"status": "affected",
"version": "1.15",
"versionType": "custom"
},
{
"lessThan": "1.16.9",
"status": "affected",
"version": "1.16",
"versionType": "custom"
},
{
"lessThan": "1.17.5",
"status": "affected",
"version": "1.17",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brice Augras from Groupe-Asten and Christophe Hauquiert from Nokia"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master\u0027s host network (such as link-local or loopback services)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-04T20:06:18.000Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"name": "[oss-security] 20200601 CVE-2020-8555: Kubernetes: Half-Blind SSRF in kube-controller-manager",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/01/4"
},
{
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/91542"
},
{
"name": "FEDORA-2020-aeea04cd13",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200724-0005/"
},
{
"name": "[oss-security] 20210504 [kubernetes] CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/8"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/91542"
],
"discovery": "EXTERNAL"
},
"title": "Kubernetes kube-controller-manager SSRF",
"workarounds": [
{
"lang": "en",
"value": "Prior to upgrading, this vulnerability can be mitigated by adding endpoint protections on the master or restricting usage of the vulnerable volume types (for example by constraining usage with a PodSecurityPolicy or third-party admission controller such as Gatekeeper) and restricting StorageClass write permissions through RBAC."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "",
"ID": "CVE-2020-8555",
"STATE": "PUBLIC",
"TITLE": "Kubernetes kube-controller-manager SSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "1.15",
"version_value": "1.15.12"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "1.16",
"version_value": "1.16.9"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "1.17",
"version_value": "1.17.5"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.18.0"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.1"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.2"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.3"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.4"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.5"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.6"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.7"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.8"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.9"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.10"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.11"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.12"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.13"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.14"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Brice Augras from Groupe-Asten and Christophe Hauquiert from Nokia"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master\u0027s host network (such as link-local or loopback services)."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20200601 CVE-2020-8555: Kubernetes: Half-Blind SSRF in kube-controller-manager",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/06/01/4"
},
{
"name": "",
"refsource": "MLIST",
"url": "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/91542",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/91542"
},
{
"name": "FEDORA-2020-aeea04cd13",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200724-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200724-0005/"
},
{
"name": "[oss-security] 20210504 [kubernetes] CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/8"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://github.com/kubernetes/kubernetes/issues/91542"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Prior to upgrading, this vulnerability can be mitigated by adding endpoint protections on the master or restricting usage of the vulnerable volume types (for example by constraining usage with a PodSecurityPolicy or third-party admission controller such as Gatekeeper) and restricting StorageClass write permissions through RBAC."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8555",
"datePublished": "2020-06-04T21:50:11.749Z",
"dateReserved": "2020-02-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:39:58.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1272 (GCVE-0-2021-1272)
Vulnerability from cvelistv5 – Published: 2021-01-20 19:56 – Updated: 2024-11-12 20:24
VLAI
Title
Cisco Data Center Network Manager Server-Side Request Forgery Vulnerability
Summary
A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of parameters in a specific HTTP request by an attacker. An attacker could exploit this vulnerability by sending a crafted HTTP request to an authenticated user of the DCNM web application. A successful exploit could allow the attacker to bypass access controls and gain unauthorized access to the Device Manager application, which provides access to network devices managed by the system.
Severity
8.8 (High)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/C… | vendor-advisoryx_refsource_CISCO |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Data Center Network Manager |
Affected:
n/a
|
Date Public
2021-01-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:02:56.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210120 Cisco Data Center Network Manager Server-Side Request Forgery Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-ssrf-F2vX6q5p"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:26:21.055500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:24:20.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Data Center Network Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-01-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of parameters in a specific HTTP request by an attacker. An attacker could exploit this vulnerability by sending a crafted HTTP request to an authenticated user of the DCNM web application. A successful exploit could allow the attacker to bypass access controls and gain unauthorized access to the Device Manager application, which provides access to network devices managed by the system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T19:56:52.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210120 Cisco Data Center Network Manager Server-Side Request Forgery Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-ssrf-F2vX6q5p"
}
],
"source": {
"advisory": "cisco-sa-dcnm-ssrf-F2vX6q5p",
"defect": [
[
"CSCvv82444"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Data Center Network Manager Server-Side Request Forgery Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-01-20T16:00:00",
"ID": "CVE-2021-1272",
"STATE": "PUBLIC",
"TITLE": "Cisco Data Center Network Manager Server-Side Request Forgery Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Data Center Network Manager",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of parameters in a specific HTTP request by an attacker. An attacker could exploit this vulnerability by sending a crafted HTTP request to an authenticated user of the DCNM web application. A successful exploit could allow the attacker to bypass access controls and gain unauthorized access to the Device Manager application, which provides access to network devices managed by the system."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210120 Cisco Data Center Network Manager Server-Side Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-ssrf-F2vX6q5p"
}
]
},
"source": {
"advisory": "cisco-sa-dcnm-ssrf-F2vX6q5p",
"defect": [
[
"CSCvv82444"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1272",
"datePublished": "2021-01-20T19:56:52.449Z",
"dateReserved": "2020-11-13T00:00:00.000Z",
"dateUpdated": "2024-11-12T20:24:20.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21009 (GCVE-0-2021-21009)
Vulnerability from cvelistv5 – Published: 2021-01-13 22:47 – Updated: 2025-04-23 19:47
VLAI
Title
Server-side request forgery (SSRF) in Campaign Classic could lead to sensitive information disclosure
Summary
Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance to issue unauthorized requests to internal or external resources.
Severity
8.6 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF) (CWE-918)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/campaig… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Campaign |
Affected:
unspecified , ≤ 20.3.1 and earlier
(custom)
Affected: unspecified , ≤ Gold Standard 10 and earlier (custom) Affected: unspecified , ≤ 20.2.3 and earlier (custom) Affected: unspecified , ≤ 20.1.3 and earlier (custom) Affected: unspecified , ≤ 19.2.3 and earlier (custom) Affected: unspecified , ≤ 19.1.7 and earlier (custom) |
Date Public
2021-01-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/campaign/apsb21-04.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-21009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:06:29.605174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:47:08.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Campaign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "20.3.1 and earlier",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "Gold Standard 10 and earlier",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "20.2.3 and earlier",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "20.1.3 and earlier",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "19.2.3 and earlier",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "19.1.7 and earlier",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-01-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance to issue unauthorized requests to internal or external resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF) (CWE-918)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T22:47:48.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/campaign/apsb21-04.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Server-side request forgery (SSRF) in Campaign Classic could lead to sensitive information disclosure",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-01-12T23:00:00.000Z",
"ID": "CVE-2021-21009",
"STATE": "PUBLIC",
"TITLE": "Server-side request forgery (SSRF) in Campaign Classic could lead to sensitive information disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Campaign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "20.3.1 and earlier"
},
{
"version_affected": "\u003c=",
"version_value": "Gold Standard 10 and earlier"
},
{
"version_affected": "\u003c=",
"version_value": "20.2.3 and earlier"
},
{
"version_affected": "\u003c=",
"version_value": "20.1.3 and earlier"
},
{
"version_affected": "\u003c=",
"version_value": "19.2.3 and earlier"
},
{
"version_affected": "\u003c=",
"version_value": "19.1.7 and earlier"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance to issue unauthorized requests to internal or external resources."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "None",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) (CWE-918)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/campaign/apsb21-04.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/campaign/apsb21-04.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-21009",
"datePublished": "2021-01-13T22:47:48.937Z",
"dateReserved": "2020-12-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:47:08.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21287 (GCVE-0-2021-21287)
Vulnerability from cvelistv5 – Published: 2021-02-01 17:15 – Updated: 2024-08-03 18:09
VLAI
Title
Server-Side Request Forgery in MinIO Browser API
Summary
MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data to a URL, or otherwise reading data from a URL that can be tampered with. The attacker modifies the calls to this functionality by supplying a completely different URL or by manipulating how URLs are built (path traversal etc.). In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL which the code running on the server will read or submit data, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like HTTP enabled databases, or perform post requests towards internal services which are not intended to be exposed. This is fixed in version RELEASE.2021-01-30T00-20-58Z, all users are advised to upgrade. As a workaround you can disable the browser front-end with "MINIO_BROWSER=off" environment variable.
Severity
7.7 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/minio/minio/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/minio/minio/pull/11337 | x_refsource_MISC |
| https://github.com/minio/minio/commit/eb6871ecd96… | x_refsource_MISC |
| https://github.com/minio/minio/releases/tag/RELEA… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/minio/minio/pull/11337"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/minio/minio/commit/eb6871ecd960d570f70698877209e6db181bf276"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/minio/minio/releases/tag/RELEASE.2021-01-30T00-20-58Z"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "minio",
"vendor": "minio",
"versions": [
{
"status": "affected",
"version": "\u003c RELEASE.2021-01-30T00-20-58Z"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data to a URL, or otherwise reading data from a URL that can be tampered with. The attacker modifies the calls to this functionality by supplying a completely different URL or by manipulating how URLs are built (path traversal etc.). In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL which the code running on the server will read or submit data, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like HTTP enabled databases, or perform post requests towards internal services which are not intended to be exposed. This is fixed in version RELEASE.2021-01-30T00-20-58Z, all users are advised to upgrade. As a workaround you can disable the browser front-end with \"MINIO_BROWSER=off\" environment variable."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-01T17:15:16.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/minio/minio/pull/11337"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/minio/minio/commit/eb6871ecd960d570f70698877209e6db181bf276"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/minio/minio/releases/tag/RELEASE.2021-01-30T00-20-58Z"
}
],
"source": {
"advisory": "GHSA-m4qq-5f7c-693q",
"discovery": "UNKNOWN"
},
"title": "Server-Side Request Forgery in MinIO Browser API",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21287",
"STATE": "PUBLIC",
"TITLE": "Server-Side Request Forgery in MinIO Browser API"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "minio",
"version": {
"version_data": [
{
"version_value": "\u003c RELEASE.2021-01-30T00-20-58Z"
}
]
}
}
]
},
"vendor_name": "minio"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data to a URL, or otherwise reading data from a URL that can be tampered with. The attacker modifies the calls to this functionality by supplying a completely different URL or by manipulating how URLs are built (path traversal etc.). In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL which the code running on the server will read or submit data, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like HTTP enabled databases, or perform post requests towards internal services which are not intended to be exposed. This is fixed in version RELEASE.2021-01-30T00-20-58Z, all users are advised to upgrade. As a workaround you can disable the browser front-end with \"MINIO_BROWSER=off\" environment variable."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q",
"refsource": "CONFIRM",
"url": "https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q"
},
{
"name": "https://github.com/minio/minio/pull/11337",
"refsource": "MISC",
"url": "https://github.com/minio/minio/pull/11337"
},
{
"name": "https://github.com/minio/minio/commit/eb6871ecd960d570f70698877209e6db181bf276",
"refsource": "MISC",
"url": "https://github.com/minio/minio/commit/eb6871ecd960d570f70698877209e6db181bf276"
},
{
"name": "https://github.com/minio/minio/releases/tag/RELEASE.2021-01-30T00-20-58Z",
"refsource": "MISC",
"url": "https://github.com/minio/minio/releases/tag/RELEASE.2021-01-30T00-20-58Z"
}
]
},
"source": {
"advisory": "GHSA-m4qq-5f7c-693q",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21287",
"datePublished": "2021-02-01T17:15:16.000Z",
"dateReserved": "2020-12-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:09:15.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21288 (GCVE-0-2021-21288)
Vulnerability from cvelistv5 – Published: 2021-02-08 19:15 – Updated: 2024-08-03 18:09
VLAI
Title
Server-side request forgery in CarrierWave
Summary
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.
Severity
4.3 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/carrierwaveuploader/carrierwav… | x_refsource_CONFIRM |
| https://rubygems.org/gems/carrierwave/ | x_refsource_MISC |
| https://github.com/carrierwaveuploader/carrierwav… | x_refsource_MISC |
| https://github.com/carrierwaveuploader/carrierwav… | x_refsource_MISC |
| https://github.com/carrierwaveuploader/carrierwav… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| carrierwaveuploader | carrierwave |
Affected:
< 1.3.2
Affected: >= 2.0.0, < 2.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rubygems.org/gems/carrierwave/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "carrierwave",
"vendor": "carrierwaveuploader",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.2"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-08T19:15:16.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rubygems.org/gems/carrierwave/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08"
}
],
"source": {
"advisory": "GHSA-fwcm-636p-68r5",
"discovery": "UNKNOWN"
},
"title": "Server-side request forgery in CarrierWave",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21288",
"STATE": "PUBLIC",
"TITLE": "Server-side request forgery in CarrierWave"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "carrierwave",
"version": {
"version_data": [
{
"version_value": "\u003c 1.3.2"
},
{
"version_value": "\u003e= 2.0.0, \u003c 2.1.1"
}
]
}
}
]
},
"vendor_name": "carrierwaveuploader"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5",
"refsource": "CONFIRM",
"url": "https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5"
},
{
"name": "https://rubygems.org/gems/carrierwave/",
"refsource": "MISC",
"url": "https://rubygems.org/gems/carrierwave/"
},
{
"name": "https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0",
"refsource": "MISC",
"url": "https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0"
},
{
"name": "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08",
"refsource": "MISC",
"url": "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08"
},
{
"name": "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08",
"refsource": "MISC",
"url": "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08"
}
]
},
"source": {
"advisory": "GHSA-fwcm-636p-68r5",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21288",
"datePublished": "2021-02-08T19:15:16.000Z",
"dateReserved": "2020-12-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:09:15.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21311 (GCVE-0-2021-21311)
Vulnerability from cvelistv5 – Published: 2021-02-11 20:55 – Updated: 2025-10-21 23:35
VLAI
Title
SSRF in adminer
Summary
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.
Severity
7.2 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/vrana/adminer/security/advisor… | x_refsource_CONFIRM |
| https://github.com/vrana/adminer/files/5957311/Ad… | x_refsource_MISC |
| https://packagist.org/packages/vrana/adminer | x_refsource_MISC |
| https://github.com/vrana/adminer/commit/ccd2374b0… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/vrana/adminer"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351"
},
{
"name": "[debian-lts-announce] 20210302 [SECURITY] [DLA 2580-1] adminer security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00002.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-21311",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-27T03:55:28.265761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-09-29",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21311"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:27.923Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21311"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-29T00:00:00.000Z",
"value": "CVE-2021-21311 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "adminer",
"vendor": "vrana",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.7.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-02T21:06:28.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/vrana/adminer"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351"
},
{
"name": "[debian-lts-announce] 20210302 [SECURITY] [DLA 2580-1] adminer security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00002.html"
}
],
"source": {
"advisory": "GHSA-x5r2-hj5c-8jx6",
"discovery": "UNKNOWN"
},
"title": "SSRF in adminer",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21311",
"STATE": "PUBLIC",
"TITLE": "SSRF in adminer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "adminer",
"version": {
"version_data": [
{
"version_value": "\u003e= 4.0.0, \u003c 4.7.9"
}
]
}
}
]
},
"vendor_name": "vrana"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6",
"refsource": "CONFIRM",
"url": "https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6"
},
{
"name": "https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf",
"refsource": "MISC",
"url": "https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf"
},
{
"name": "https://packagist.org/packages/vrana/adminer",
"refsource": "MISC",
"url": "https://packagist.org/packages/vrana/adminer"
},
{
"name": "https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351",
"refsource": "MISC",
"url": "https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351"
},
{
"name": "[debian-lts-announce] 20210302 [SECURITY] [DLA 2580-1] adminer security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00002.html"
}
]
},
"source": {
"advisory": "GHSA-x5r2-hj5c-8jx6",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21311",
"datePublished": "2021-02-11T20:55:15.000Z",
"dateReserved": "2020-12-22T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:27.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21342 (GCVE-0-2021-21342)
Vulnerability from cvelistv5 – Published: 2021-03-22 23:40 – Updated: 2024-08-03 18:09
VLAI
Title
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Summary
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Severity
5.3 (Medium)
Assigner
References
15 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://x-stream.github.io/security.html#workaround"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://x-stream.github.io/changes.html#1.4.16"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-hvv8-336g-rx3m"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://x-stream.github.io/CVE-2021-21342.html"
},
{
"name": "[debian-lts-announce] 20210403 [SECURITY] [DLA 2616-1] libxstream-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html"
},
{
"name": "[jmeter-dev] 20210406 [GitHub] [jmeter] sseide opened a new pull request #655: update x-stream to 1.4.16 (from 1.4.15)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0%40%3Cdev.jmeter.apache.org%3E"
},
{
"name": "[activemq-users] 20210427 Release date for ActiveMQ v5.16.2 to fix CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210430-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "FEDORA-2021-fbad11014a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/"
},
{
"name": "FEDORA-2021-d894ca87dc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "FEDORA-2021-5e376c0ed9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/"
},
{
"name": "DSA-5004",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5004"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xstream",
"vendor": "x-stream",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T14:41:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://x-stream.github.io/security.html#workaround"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://x-stream.github.io/changes.html#1.4.16"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-hvv8-336g-rx3m"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://x-stream.github.io/CVE-2021-21342.html"
},
{
"name": "[debian-lts-announce] 20210403 [SECURITY] [DLA 2616-1] libxstream-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html"
},
{
"name": "[jmeter-dev] 20210406 [GitHub] [jmeter] sseide opened a new pull request #655: update x-stream to 1.4.16 (from 1.4.15)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0%40%3Cdev.jmeter.apache.org%3E"
},
{
"name": "[activemq-users] 20210427 Release date for ActiveMQ v5.16.2 to fix CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210430-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "FEDORA-2021-fbad11014a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/"
},
{
"name": "FEDORA-2021-d894ca87dc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "FEDORA-2021-5e376c0ed9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/"
},
{
"name": "DSA-5004",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-5004"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"source": {
"advisory": "GHSA-hvv8-336g-rx3m",
"discovery": "UNKNOWN"
},
"title": "A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21342",
"STATE": "PUBLIC",
"TITLE": "A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xstream",
"version": {
"version_data": [
{
"version_value": "\u003c 1.4.16"
}
]
}
}
]
},
"vendor_name": "x-stream"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://x-stream.github.io/security.html#workaround",
"refsource": "MISC",
"url": "https://x-stream.github.io/security.html#workaround"
},
{
"name": "http://x-stream.github.io/changes.html#1.4.16",
"refsource": "MISC",
"url": "http://x-stream.github.io/changes.html#1.4.16"
},
{
"name": "https://github.com/x-stream/xstream/security/advisories/GHSA-hvv8-336g-rx3m",
"refsource": "CONFIRM",
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-hvv8-336g-rx3m"
},
{
"name": "https://x-stream.github.io/CVE-2021-21342.html",
"refsource": "MISC",
"url": "https://x-stream.github.io/CVE-2021-21342.html"
},
{
"name": "[debian-lts-announce] 20210403 [SECURITY] [DLA 2616-1] libxstream-java security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html"
},
{
"name": "[jmeter-dev] 20210406 [GitHub] [jmeter] sseide opened a new pull request #655: update x-stream to 1.4.16 (from 1.4.15)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E"
},
{
"name": "[activemq-users] 20210427 Release date for ActiveMQ v5.16.2 to fix CVEs",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210430-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210430-0002/"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "FEDORA-2021-fbad11014a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/"
},
{
"name": "FEDORA-2021-d894ca87dc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "FEDORA-2021-5e376c0ed9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/"
},
{
"name": "DSA-5004",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5004"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
]
},
"source": {
"advisory": "GHSA-hvv8-336g-rx3m",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21342",
"datePublished": "2021-03-22T23:40:39.000Z",
"dateReserved": "2020-12-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:09:15.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.