CWE-918
Server-Side Request Forgery (SSRF)
Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-664
CVEs mapped to this weakness (1,583)
page 61 of 80

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-30019 | — | Med | 0.28 | 5.3 | 0.02 | | May 8, 2023 | imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter. |
| CVE-2022-23464 | — | Med | 0.28 | 4.3 | 0.01 | | Sep 24, 2022 | Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate's getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in… |
| CVE-2022-38648 | — | Med | 0.28 | 5.3 | 0.02 | | Sep 22, 2022 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. |
| CVE-2022-35949 | — | Med | 0.28 | 5.3 | 0.01 | | Aug 12, 2022 | undici is an HTTP/1.1 client, written from scratch for Node.js. `undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or… |
| CVE-2022-0085 | — | Med | 0.28 | 5.3 | 0.01 | | Jun 28, 2022 | Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. |
| CVE-2022-29188 | — | Med | 0.28 | 5.3 | 0.01 | | May 21, 2022 | Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny… |
| CVE-2022-0870 | — | Med | 0.28 | 5.3 | 0.03 | | Mar 11, 2022 | Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. |
| CVE-2022-0508 | — | Med | 0.28 | 5.3 | 0.01 | | Feb 8, 2022 | Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832 |
| CVE-2021-33510 | — | Med | 0.28 | 4.3 | 0.01 | | May 21, 2021 | Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file. |
| CVE-2020-17513 | — | Med | 0.28 | 5.3 | 0.04 | | Dec 14, 2020 | In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attack. |
| CVE-2020-24710 | — | Med | 0.28 | 5.3 | 0.01 | | Oct 28, 2020 | Gophish before 0.11.0 allows SSRF attacks. |
| CVE-2020-13788 | — | Med | 0.28 | 4.3 | 0.01 | | Jul 15, 2020 | Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet. |
| CVE-2019-1003028 | — | Med | 0.28 | 4.3 | 0.01 | | Feb 20, 2019 | A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint. |
| CVE-2019-1003027 | — | Med | 0.28 | 4.3 | 0.01 | | Feb 20, 2019 | A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if… |
| CVE-2019-1003026 | — | Med | 0.28 | 4.3 | 0.01 | | Feb 20, 2019 | A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a… |
| CVE-2019-1003020 | — | Med | 0.28 | 4.3 | 0.01 | | Feb 6, 2019 | A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL. |
| CVE-2018-1999039 | — | Med | 0.28 | 4.3 | 0.01 | | Aug 1, 2018 | A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker-specified credentials. |
| CVE-2018-1000188 | — | Med | 0.28 | 5.4 | 0.01 | | Jun 5, 2018 | A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |
| CVE-2018-1000184 | — | Med | 0.28 | 5.4 | 0.01 | | Jun 5, 2018 | A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |
| CVE-2018-1000067 | — | Med | 0.28 | 5.3 | 0.02 | | Feb 16, 2018 | An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response. |