CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

CVE-2024-56471 (GCVE-0-2024-56471)

Vulnerability from cvelistv5 – Published: 2025-02-05 22:55 – Updated: 2025-02-22 22:14
Title
IBM Aspera Shares Server-Side Request Forgery
Summary
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
ibm
Impacted products
Vendor | Product | Version
IBM | Aspera Shares | Affected: 1.9.0, ≤ 1.10.0 PL6 (semver)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56471",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T15:03:28.644734Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T15:07:15.517Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Aspera Shares",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.10.0 PL6",
              "status": "affected",
              "version": "1.9.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Aspera Shares\u0026nbsp;1.9.0 through 1.10.0 PL6  is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.  \u003c/p\u003e"
            }
          ],
          "value": "IBM Aspera Shares\u00a01.9.0 through 1.10.0 PL6  is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-22T22:14:07.088Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7182490"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Aspera Shares Server-Side Request Forgery",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-56471",
    "datePublished": "2025-02-05T22:55:49.472Z",
    "dateReserved": "2024-12-26T12:51:26.634Z",
    "dateUpdated": "2025-02-22T22:14:07.088Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56736 (GCVE-0-2024-56736)

Vulnerability from cvelistv5 – Published: 2025-04-16 15:38 – Updated: 2025-04-16 18:03
Title
Apache HertzBeat: Server-Side Request Forgery (SSRF) in Api Config Oss
Summary
Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.
Severity
No CVSS data available.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
apache
Impacted products
Vendor | Product | Version
Apache Software Foundation | Apache HertzBeat | Affected: 0, < 1.7.0 (semver)
Credits
tonghuaroot, zyufoye

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56736",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:58:05.077389Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T15:58:29.014Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-16T18:03:38.561Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/16/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HertzBeat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "1.7.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "tonghuaroot"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "zyufoye"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eServer-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat.\u003c/p\u003e\u003cp\u003eThis issue affects Apache HertzBeat (incubating): before 1.7.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.7.0, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat.\n\nThis issue affects Apache HertzBeat (incubating): before 1.7.0.\n\nUsers are recommended to upgrade to version 1.7.0, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-16T15:38:11.307Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/kdzg36h9yxp0q0n4lhcfppxntjy8rj1x"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/lwfhsllos1rx9v8k0yhl252cbpqpn0sv"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache HertzBeat: Server-Side Request Forgery (SSRF) in Api Config Oss",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-56736",
    "datePublished": "2025-04-16T15:38:11.307Z",
    "dateReserved": "2024-12-28T04:17:54.835Z",
    "dateUpdated": "2025-04-16T18:03:38.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56800 (GCVE-0-2024-56800)

Vulnerability from cvelistv5 – Published: 2024-12-30 18:23 – Updated: 2024-12-30 23:13
Title
Firecrawl has SSRF Vulnerability via malicious scrape target
Summary
Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery (SSRF) vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address. This allowed exfiltration of local network resources through the API. The cloud service was patched on December 27th, 2024, and the maintainers have checked that no user data was exposed by this vulnerability. Scraping engines used in the open-source version of Firecrawl were patched on December 29th, 2024, except for the playwright services, which the maintainers have determined to be un-patchable. All users of open-source software (OSS) Firecrawl should upgrade to v1.1.1. As a workaround, OSS Firecrawl users should supply the playwright services with a secure proxy. A proxy can be specified through the `PROXY_SERVER` environment variable. Please refer to the documentation for instructions. Ensure that the proxy server in use is set up to block all traffic going to link-local IP addresses.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
GitHub_M
Impacted products
Vendor | Product | Version
mendableai | firecrawl | Affected: < 1.1.1

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56800",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-30T23:13:01.470359Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-30T23:13:14.193Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "firecrawl",
          "vendor": "mendableai",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery (SSRF) vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address. This allowed exfiltration of local network resources through the API. The cloud service was patched on December 27th, 2024, and the maintainers have checked that no user data was exposed by this vulnerability. Scraping engines used in the open sourced version of Firecrawl were patched on December 29th, 2024, except for the playwright services which the maintainers have determined to be un-patchable. All users of open-source software (OSS) Firecrawl should upgrade to v1.1.1. As a workaround, OSS Firecrawl users should supply the playwright services with a secure proxy. A proxy can be specified through the `PROXY_SERVER` env in the environment variables. Please refer to the documentation for instructions. Ensure that the proxy server one is using is setup to block all traffic going to link-local IP addresses."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-30T18:23:42.286Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/mendableai/firecrawl/security/advisories/GHSA-vjp8-2wgg-p734",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mendableai/firecrawl/security/advisories/GHSA-vjp8-2wgg-p734"
        },
        {
          "name": "https://github.com/mendableai/firecrawl/commit/4d1f92f4c8c36403022428285a03621fd90d62ec",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mendableai/firecrawl/commit/4d1f92f4c8c36403022428285a03621fd90d62ec"
        }
      ],
      "source": {
        "advisory": "GHSA-vjp8-2wgg-p734",
        "discovery": "UNKNOWN"
      },
      "title": "Firecrawl has SSRF Vulnerability via malicious scrape target"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-56800",
    "datePublished": "2024-12-30T18:23:42.286Z",
    "dateReserved": "2024-12-30T16:06:49.011Z",
    "dateUpdated": "2024-12-30T23:13:14.193Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5736 (GCVE-0-2024-5736)

Vulnerability from cvelistv5 – Published: 2024-06-28 11:26 – Updated: 2024-08-01 21:18
Title
SSRF in AdmirorFrames Joomla! Extension
Summary
Server Side Request Forgery (SSRF) vulnerability in the afGdStream.php script of the AdmirorFrames Joomla! extension allows access to local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
CERT-PL
Impacted products
Vendor | Product | Version
Nikola Vasilijevski | AdmirorFrames | Affected: 0, < 5.0 (custom)
Credits
Marcin Wyczechowski [AFINE Team], Michał Majchrowicz [AFINE Team]

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5736",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-28T20:15:27.174368Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-28T20:15:34.356Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:18:06.930Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://cert.pl/en/posts/2024/06/CVE-2024-5735/"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://cert.pl/posts/2024/06/CVE-2024-5735/"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/vasiljevski/admirorframes/issues/3"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5736"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://github.com/afine-com/CVE-2024-5736"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.admiror-design-studio.com/admiror-joomla-extensions/admiror-frames",
          "defaultStatus": "unaffected",
          "platforms": [
            "Joomla!"
          ],
          "product": "AdmirorFrames",
          "repo": "https://github.com/vasiljevski/admirorframes",
          "vendor": "Nikola Vasilijevski",
          "versions": [
            {
              "lessThan": "5.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marcin Wyczechowski [AFINE Team]"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Micha\u0142 Majchrowicz [AFINE Team]"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost.\u0026nbsp;\u003cp\u003eThis issue affects AdmirorFrames: before 5.0.\u003c/p\u003e"
            }
          ],
          "value": "Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost.\u00a0This issue affects AdmirorFrames: before 5.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-28T11:47:27.875Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/en/posts/2024/06/CVE-2024-5735/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/posts/2024/06/CVE-2024-5735/"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/vasiljevski/admirorframes/issues/3"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5736"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://github.com/afine-com/CVE-2024-5736"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SSRF in AdmirorFrames Joomla! Extension",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2024-5736",
    "datePublished": "2024-06-28T11:26:53.512Z",
    "dateReserved": "2024-06-07T06:09:42.924Z",
    "dateUpdated": "2024-08-01T21:18:06.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5746 (GCVE-0-2024-5746)

Vulnerability from cvelistv5 – Published: 2024-06-20 21:31 – Updated: 2024-08-01 21:18
Summary
A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise Server as a user with the Site Administrator role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.12.5, 3.11.11, 3.10.13, and 3.9.16. This vulnerability was reported via the GitHub Bug Bounty program.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
GitHub_P
Impacted products
Vendor | Product | Version
GitHub | GitHub Enterprise Server | Affected: 3.9.0, ≤ 3.9.15 (semver); Affected: 3.10.0, ≤ 3.10.12 (semver); Affected: 3.11.0, ≤ 3.11.10 (semver); Affected: 3.12.0, ≤ 3.12.4 (semver)
Credits
r31n

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5746",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-24T15:08:08.152541Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-24T15:08:21.753Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:18:07.077Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "GitHub Enterprise Server",
          "vendor": "GitHub",
          "versions": [
            {
              "lessThanOrEqual": "3.9.15",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.10.12",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.11.10",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.12.4",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "r31n"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise Server as a user with the Site Administrator role.\u0026nbsp;\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThis vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.12.5, 3.11.11, 3.10.13, and 3.9.16. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise Server as a user with the Site Administrator role.\u00a0This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.12.5, 3.11.11, 3.10.13, and 3.9.16. This vulnerability was reported via the GitHub Bug Bounty program."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-664",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-664 Server Side Request Forgery"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-20T21:31:37.111Z",
        "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
        "shortName": "GitHub_P"
      },
      "references": [
        {
          "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.16"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.13"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.11"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.5"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
    "assignerShortName": "GitHub_P",
    "cveId": "CVE-2024-5746",
    "datePublished": "2024-06-20T21:31:37.111Z",
    "dateReserved": "2024-06-07T13:04:45.562Z",
    "dateUpdated": "2024-08-01T21:18:07.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5822 (GCVE-0-2024-5822)

Vulnerability from cvelistv5 – Published: 2024-06-27 18:44 – Updated: 2024-08-01 21:25
Title
Server-Side Request Forgery (SSRF) in gaizhenbiao/ChuanhuChatGPT
Summary
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external resources, potentially bypassing security controls and accessing sensitive data.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Impacted products
Vendor Product Version
gaizhenbiao gaizhenbiao/chuanhuchatgpt Affected: unspecified , ≤ latest (custom)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "chuanhuchatgpt",
            "vendor": "gaizhenbiao",
            "versions": [
              {
                "status": "affected",
                "version": "20240410"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5822",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-05T14:05:27.327762Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-09T19:25:53.289Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:25:02.741Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/b24f1b5f-a529-435b-ac4d-5ca71d5d1fb5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "gaizhenbiao/chuanhuchatgpt",
          "vendor": "gaizhenbiao",
          "versions": [
            {
              "lessThanOrEqual": "latest",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions \u003c= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external resources, potentially bypassing security controls and accessing sensitive data."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-27T18:44:48.521Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/b24f1b5f-a529-435b-ac4d-5ca71d5d1fb5"
        }
      ],
      "source": {
        "advisory": "b24f1b5f-a529-435b-ac4d-5ca71d5d1fb5",
        "discovery": "EXTERNAL"
      },
      "title": "Server-Side Request Forgery (SSRF) in gaizhenbiao/ChuanhuChatGPT"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-5822",
    "datePublished": "2024-06-27T18:44:48.521Z",
    "dateReserved": "2024-06-10T21:04:40.888Z",
    "dateUpdated": "2024-08-01T21:25:02.741Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5885 (GCVE-0-2024-5885)

Vulnerability from cvelistv5 – Published: 2024-06-27 18:45 – Updated: 2024-08-01 21:25
Title
Server-Side Request Forgery (SSRF) in stangirard/quivr
Summary
stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Impacted products
Vendor Product Version
stangirard stangirard/quivr Affected: unspecified , ≤ latest (custom)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:stangirard:quivr:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "quivr",
            "vendor": "stangirard",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:stangirard:quivr:0.0.236:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "quivr",
            "vendor": "stangirard",
            "versions": [
              {
                "status": "affected",
                "version": "0.0.236"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5885",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-02T19:40:28.096464Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-02T19:48:11.929Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:25:03.160Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "stangirard/quivr",
          "vendor": "stangirard",
          "versions": [
            {
              "lessThanOrEqual": "latest",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-27T18:45:19.519Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274"
        }
      ],
      "source": {
        "advisory": "c178bf48-1d4a-4743-87ca-4cc8e475d274",
        "discovery": "EXTERNAL"
      },
      "title": "Server-Side Request Forgery (SSRF) in stangirard/quivr"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-5885",
    "datePublished": "2024-06-27T18:45:19.519Z",
    "dateReserved": "2024-06-11T21:40:44.149Z",
    "dateUpdated": "2024-08-01T21:25:03.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5917 (GCVE-0-2024-5917)

Vulnerability from cvelistv5 – Published: 2024-11-14 09:39 – Updated: 2025-01-15 22:24
Title
PAN-OS: Server-Side Request Forgery in WildFire
Summary
A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
Vendor Product Version
Palo Alto Networks Cloud NGFW Unaffected: All
Palo Alto Networks PAN-OS Unaffected: 11.2.0
Unaffected: 11.1.0
Unaffected: 11.0.0
Affected: 10.2.0 , < 10.2.2 (custom)
Affected: 10.1.0 , < 10.1.7 (custom)
Date Public
2024-11-13 18:00
Credits
Michael Baker from AC3

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:paloaltonetworks:cloud_ngfw:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cloud_ngfw",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pan-os",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "status": "affected",
                "version": "11.2.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pan-os",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "status": "affected",
                "version": "11.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pan-os",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "status": "affected",
                "version": "11.0.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pan-os",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "lessThan": "10.2.2",
                "status": "affected",
                "version": "10.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.1.7",
                "status": "affected",
                "version": "10.1.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5917",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-14T18:58:18.463866Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-14T19:35:37.894Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "11.2.0"
            },
            {
              "status": "unaffected",
              "version": "11.1.0"
            },
            {
              "status": "unaffected",
              "version": "11.0.0"
            },
            {
              "changes": [
                {
                  "at": "10.2.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.2",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.1.7",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.1.7",
              "status": "affected",
              "version": "10.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Your network is impacted only if you enabled the WildFire Forwarding feature in your firewall. You can find this setting at Device \u2192 Setup \u2192 WildFire."
            }
          ],
          "value": "Your network is impacted only if you enabled the WildFire Forwarding feature in your firewall. You can find this setting at Device \u2192 Setup \u2192 WildFire."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Michael Baker from AC3"
        }
      ],
      "datePublic": "2024-11-13T18:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible."
            }
          ],
          "value": "A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-664",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-664 Server Side Request Forgery"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "privilegesRequired": "HIGH",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-15T22:24:12.795Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-5917"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in PAN-OS 10.1.7, PAN-OS 10.2.2, and all later PAN-OS versions."
            }
          ],
          "value": "This issue is fixed in PAN-OS 10.1.7, PAN-OS 10.2.2, and all later PAN-OS versions."
        }
      ],
      "source": {
        "defect": [
          "PAN-115469"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-13T17:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "PAN-OS: Server-Side Request Forgery in WildFire",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-5917",
    "datePublished": "2024-11-14T09:39:40.266Z",
    "dateReserved": "2024-06-12T15:27:57.001Z",
    "dateUpdated": "2025-01-15T22:24:12.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6095 (GCVE-0-2024-6095)

Vulnerability from cvelistv5 – Published: 2024-07-06 17:48 – Updated: 2024-08-01 21:33
Title
SSRF and Partial LFI in /models/apply Endpoint in mudler/localai
Summary
A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both http(s):// and file:// schemes, where the latter can lead to LFI. However, the output is limited due to the length of the error message. This vulnerability can be exploited by an attacker with network access to the LocalAI instance, potentially allowing unauthorized access to internal HTTP(s) servers and partial reading of local files. The issue is fixed in version 2.17.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Impacted products
Vendor Product Version
mudler mudler/localai Affected: unspecified , < 2.17 (custom)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mudler:localai:2.15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "localai",
            "vendor": "mudler",
            "versions": [
              {
                "lessThan": "2.17.0",
                "status": "affected",
                "version": "2.15.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6095",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-07T19:17:19.197506Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-07T19:18:06.138Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:03.282Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/4799262d-72dc-43c8-bc99-81d0dce996dc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mudler/localai/commit/2fc6fe806b903ac0a70218b21b5c84443a1b0866"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mudler/localai",
          "vendor": "mudler",
          "versions": [
            {
              "lessThan": "2.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both http(s):// and file:// schemes, where the latter can lead to LFI. However, the output is limited due to the length of the error message. This vulnerability can be exploited by an attacker with network access to the LocalAI instance, potentially allowing unauthorized access to internal HTTP(s) servers and partial reading of local files. The issue is fixed in version 2.17."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-06T17:48:46.735Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/4799262d-72dc-43c8-bc99-81d0dce996dc"
        },
        {
          "url": "https://github.com/mudler/localai/commit/2fc6fe806b903ac0a70218b21b5c84443a1b0866"
        }
      ],
      "source": {
        "advisory": "4799262d-72dc-43c8-bc99-81d0dce996dc",
        "discovery": "EXTERNAL"
      },
      "title": "SSRF and Partial LFI in /models/apply Endpoint in mudler/localai"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-6095",
    "datePublished": "2024-07-06T17:48:46.735Z",
    "dateReserved": "2024-06-17T18:56:07.507Z",
    "dateUpdated": "2024-08-01T21:33:03.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6424 (GCVE-0-2024-6424)

Vulnerability from cvelistv5 – Published: 2024-07-01 12:54 – Updated: 2024-08-01 21:41
Title
Server-Side Request Forgery vulnerability in MESbook
Summary
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint "/api/Proxy/Post?userName=&password=&uri=<FILE|INTERNAL URL|IP/HOST" or "/api/Proxy/Get?userName=&password=&uri=<ARCHIVO|URL INTERNA|IP/HOST" to read the source code of web files, read internal files or access network resources.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Impacted products
Vendor Product Version
MESbook MESbook Affected: 20221021.03
Date Public
2024-07-01 11:00
Credits
David Utón Amaya (m3n0sd0n4ld)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6424",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-01T21:19:58.355797Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-01T21:20:07.272Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:41:03.308Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-mesbook"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MESbook",
          "vendor": "MESbook",
          "versions": [
            {
              "status": "affected",
              "version": "20221021.03"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "David Ut\u00f3n Amaya (m3n0sd0n4ld)"
        }
      ],
      "datePublic": "2024-07-01T11:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint \"/api/Proxy/Post?userName=\u0026amp;password=\u0026amp;uri=\u0026lt;FILE|INTERNAL URL|IP/HOST\" or \"/api/Proxy/Get?userName=\u0026amp;password=\u0026amp;uri=\u0026lt;ARCHIVO|URL INTERNA|IP/HOST\" to read the source code of web files, read internal files or access network resources."
            }
          ],
          "value": "External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint \"/api/Proxy/Post?userName=\u0026password=\u0026uri=\u003cFILE|INTERNAL URL|IP/HOST\" or \"/api/Proxy/Get?userName=\u0026password=\u0026uri=\u003cARCHIVO|URL INTERNA|IP/HOST\" to read the source code of web files, read internal files or access network resources."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-01T12:56:59.275Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-mesbook"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Server-Side Request Forgery vulnerability in MESbook",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2024-6424",
    "datePublished": "2024-07-01T12:54:20.749Z",
    "dateReserved": "2024-07-01T09:36:50.138Z",
    "dateUpdated": "2024-08-01T21:41:03.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

CAPEC-664: Server Side Request Forgery

An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.
