Description
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information.
Published: 2026-03-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Server-Side Request Forgery allows unauthorized access to sensitive data
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a Server‑Side Request Forgery (CWE‑918) in Sunbird‑Ed SunbirdEd‑portal v1.13.4. It enables an attacker to send requests to arbitrary URLs from the server, potentially exposing internal data or services. This can lead to the disclosure of confidential information, depending on what the server is allowed to access.

Affected Systems

Sunbird‑Ed SunbirdEd‑portal version 1.13.4 is affected. No other vendors or product versions are listed in the data.

Risk and Exploitability

The CVSS score is 7.5, indicating high severity. EPSS is reported as less than 1%, suggesting a low estimated likelihood of exploitation. The vulnerability is not in CISA’s KEV catalog. While the attack vector is not explicitly documented, SSRF typically requires remote attacker access to the portal’s HTTP interface to inject malicious URLs.

Generated by OpenCVE AI on March 17, 2026 at 15:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Sunbird‑Ed SunbirdEd‑portal to the latest release that contains the SSRF fix.
  • Restrict the portal’s outbound network traffic so it cannot reach internal IP ranges or sensitive services.
  • Validate and whitelist user‑supplied URLs in the application code to prevent arbitrary connection attempts.
  • Ensure that the application’s firewall or container network policies block unwanted outbound destinations.


Advisories

No advisories yet.

History

Fri, 20 Mar 2026 14:45:00 +0000

Type | Values Removed | Values Added
Title | | SunbirdEd-portal SSRF allows Sensitive Data Retrieval

Thu, 12 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sunbird-ed; Sunbird-ed sunbirded-portal
Vendors & Products | | Sunbird-ed; Sunbird-ed sunbirded-portal

Wed, 11 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-918
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description | | An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information
References | |

Subscriptions

Sunbird-ed Sunbirded-portal
MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-11T14:40:33.327Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-70027

Vulnrichment

Updated: 2026-03-11T14:37:46.314Z

NVD

Status: Awaiting Analysis

Published: 2026-03-11T15:16:21.507

Modified: 2026-03-12T21:08:22.643

Link: CVE-2025-70027

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T14:33:44Z

Weaknesses