{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-25195", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-02-06T01:32:05.395Z", "datePublished": "2023-03-28T11:16:28.304Z", "dateUpdated": "2024-08-02T11:18:36.247Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Apache Fineract", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "1.8.3", "status": "affected", "version": "1.4", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Huydoppa from GHTK "}, {"lang": "en", "type": "remediation developer", "value": "Aleksander"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract.<br><p>Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic.&nbsp;</p><p>This issue affects Apache Fineract: from 1.4 through 1.8.3.</p>"}], "value": "Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract.\nAuthorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic.\u00a0\n\nThis issue affects Apache Fineract: from 1.4 through 1.8.3.\n\n"}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-03-28T11:16:28.304Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/m58fdjmtkfp9h4c0r4l48rv995w3qhb6"}], "source": {"discovery": "EXTERNAL"}, "title": "Apache Fineract: SSRF template type vulnerability in certain authenticated users", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:18:36.247Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/m58fdjmtkfp9h4c0r4l48rv995w3qhb6"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB9B39C7-A96B-4603-A685-AB1017E24E4D", "versionEndIncluding": "1.8.3", "versionStartIncluding": "1.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract.\nAuthorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic.\u00a0\n\nThis issue affects Apache Fineract: from 1.4 through 1.8.3.\n\n"}], "id": "CVE-2023-25195", "lastModified": "2023-11-07T04:08:56.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-28T12:15:07.280", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/m58fdjmtkfp9h4c0r4l48rv995w3qhb6"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@apache.org", "type": "Primary"}]}

{}