VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base / Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

  • CVE-2022-27201 (Medium, Mar 15, 2022)
    risk 0.42, CVSS 6.5, EPSS 0.01

    Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file…

  • CVE-2022-24980 (High, Feb 19, 2022)
    risk 0.42, CVSS 7.5, EPSS 0.01

    An issue was discovered in the Kitodo.Presentation (aka dif) extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF,…

  • CVE-2022-23206 (High, Feb 6, 2022)
    risk 0.42, CVSS 7.5, EPSS 0.02

    In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach.

  • CVE-2021-33571 (High, Jun 8, 2021)
    risk 0.42, CVSS 7.5, EPSS 0.03

    In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses.…

  • CVE-2021-31779 (Medium, Apr 28, 2021)
    risk 0.42, CVSS 6.4, EPSS 0.00

    The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account.

  • CVE-2021-22696 (High, Apr 2, 2021)
    risk 0.42, CVSS 7.5, EPSS 0.07

    CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also…

  • CVE-2020-28463 (Medium, Feb 18, 2021)
    risk 0.42, CVSS 6.5, EPSS 0.01

    All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of…

  • CVE-2019-17400 (High, Oct 21, 2019)
    risk 0.42, CVSS 7.5, EPSS 0.02

    The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.

  • CVE-2019-6970 (High, Mar 21, 2019)
    risk 0.42, CVSS 7.5, EPSS 0.01

    Moodle 3.5.x before 3.5.4 allows SSRF.

  • CVE-2018-1000421 (Medium, Jan 9, 2019)
    risk 0.42, CVSS 6.5, EPSS 0.01

    An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained…

  • CVE-2018-9920 (Medium, May 24, 2018)
    risk 0.42, CVSS 6.5, EPSS 0.01

    Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.

  • CVE-2018-8801 (Medium, Apr 25, 2018)
    risk 0.42, CVSS 6.5, EPSS 0.01

    GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.

  • CVE-2018-10174 (Medium, Apr 20, 2018)
    risk 0.42, CVSS 6.5, EPSS 0.01

    Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role.

  • CVE-2017-15886 (Medium, Dec 28, 2017)
    risk 0.42, CVSS 6.5, EPSS 0.02

    Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI.

  • CVE-2017-12071 (Medium, Sep 8, 2017)
    risk 0.42, CVSS 6.5, EPSS 0.01

    Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.

  • CVE-2017-11149 (Medium, Aug 14, 2017)
    risk 0.42, CVSS 6.5, EPSS 0.02

    Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via a crafted URI.

  • CVE-2017-11148 (Medium, Aug 11, 2017)
    risk 0.42, CVSS 6.5, EPSS 0.01

    Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors.

  • CVE-2017-10973 (Medium, Jul 6, 2017)
    risk 0.42, CVSS 6.5, EPSS 0.01

    In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.

  • CVE-2017-6036 (Medium, Jun 30, 2017)
    risk 0.42, CVSS 6.5, EPSS 0.01

    A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination.

  • CVE-2017-9307 (Medium, May 31, 2017)
    risk 0.42, CVSS 6.5, EPSS 0.01

    SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter.