{"vulnerability": "CVE-2023-28633", "sightings": [{"uuid": "fe59cc4f-93be-4201-be13-ad1d4e504bb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28633", "type": "seen", "source": "https://t.me/cibsecurity/61479", "content": "\u203c CVE-2023-28633 \u203c\n\nGLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery (SSRF). In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is triggered. This feature does not check safety or URLs. Versions 9.5.13 and 10.0.7 contain a patch for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-05T20:26:32.000000Z"}]}