Total: 1279 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2023-46725 | 1 Foodcoopshop | 1 Foodcoopshop | 2024-09-12 | 8.1 High | FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time-of-check/time-of-use issue. For example, by using a custom server that returns 200 on HEAD requests, then returns a valid image on the first GET request and then a 302 redirect to the final target on the second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability. |
CVE-2023-46229 | 1 Langchain | 1 Langchain | 2024-09-12 | 8.8 High | LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. |
CVE-2023-45822 | 1 Artifacthub | 1 Hub | 2024-09-12 | 3.7 Low | Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when defining authorization policies. Artifact Hub includes a fine-grained authorization mechanism that allows organizations to define what actions can be performed by their members. It is based on customizable authorization policies that are enforced by the `Open Policy Agent`. Policies are written using `rego` and their data files are expected to be JSON documents. By default, `rego` allows policies to make HTTP requests, which can be abused to send requests to internal resources and forward the responses to an external entity. In the context of Artifact Hub, this capability should have been disabled. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
CVE-2023-45966 | 1 Remark42 | 1 Remark42 | 2024-09-12 | 7.5 High | umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability. |
CVE-2023-41899 | 1 Home-assistant | 1 Home-assistant | 2024-09-12 | 6.6 Medium | Home Assistant is an open source home automation platform. In affected versions the `hassio.addon_stdin` service is vulnerable to a partial Server-Side Request Forgery where an attacker capable of calling this service (e.g. through GHSA-h2jp-7grc-9xpp) may be able to invoke any Supervisor REST API endpoint with a POST request. An attacker able to exploit this will be able to control the data dictionary, including its addon and input key/values. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-162`. |
CVE-2023-44256 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-09-12 | 6.4 Medium | A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request. |
CVE-2024-41737 | 1 Sap | 1 Crm Abap Insights Management | 2024-09-12 | 5 Medium | SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application. |
CVE-2023-41339 | 1 Osgeo | 1 Geoserver | 2024-09-11 | 8.6 High | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an `sld=<url>` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Server-Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2. |
CVE-2023-46124 | 1 Ethyca | 1 Fides | 2024-09-11 | 8.2 High | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems and exfiltrate data outside the environment (also known as a Server-Side Request Forgery). The application does not perform proper validation to block attempts to connect to internal (including localhost) resources. The vulnerability has been patched in Fides version `2.22.1`. |
CVE-2024-22217 | 1 Terminalfour | 1 Terminalfour | 2024-09-11 | 6.5 Medium | A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services, including sensitive information on the server that Terminalfour runs on. |
CVE-2023-37230 | 1 Loftware | 1 Spectrum | 2024-09-10 | 8.8 High | Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF. |
CVE-2023-37229 | 1 Loftware | 1 Spectrum | 2024-09-10 | 8.8 High | Loftware Spectrum before 5.1 allows SSRF. |
CVE-2023-46502 | 1 Opencrx | 1 Opencrx | 2024-09-09 | 9.8 Critical | An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute a server-side request forgery attack via an insecure DocumentBuilderFactory. |
CVE-2024-44721 | 1 Seacms | 1 Seacms | 2024-09-09 | 9.8 Critical | SeaCMS v13.1 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the url parameter at /admin_reslib.php. |
CVE-2024-37171 | 1 Sap | 2 Saptmui, Transportation Management | 2024-09-09 | 5 Medium | SAP Transportation Management (Collaboration Portal) allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. This will trigger the application handler to send a request to an unintended service, which may reveal information about that service. The information obtained could be used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. There is no effect on integrity or availability of the application. |
CVE-2024-34689 | 1 Sap | 2 Business Workflow, Sap Basis | 2024-09-09 | 5 Medium | WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application. |
CVE-2024-40718 | 1 Veeam | 2 Backup For Nutanix Ahv, Backup For Oracle Linux Virtualization Manager And Red Hat Virtualization | 2024-09-09 | N/A | A server-side request forgery vulnerability allows a low-privileged user to perform local privilege escalation by exploiting an SSRF vulnerability. |
CVE-2024-39713 | 1 Rocket.chat | 1 Rocket.chat | 2024-09-06 | 8.6 High | A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. |
CVE-2024-24759 | 1 Mindsdb | 1 Mindsdb | 2024-09-06 | 9.3 Critical | MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch. |
CVE-2023-43798 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-09-05 | 5.6 Medium | BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclient.execute` since the software no longer has to follow it when using `finalUrl`. There are no known workarounds. We recommend upgrading to a patched version of BigBlueButton. |