VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base
Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 61 of 80
  • CVE-2023-30019 | Medium | May 8, 2023
    risk 0.28 | CVSS 5.3 | EPSS 0.02

    imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.

  • CVE-2022-23464 | Medium | Sep 24, 2022
    risk 0.28 | CVSS 4.3 | EPSS 0.01

    Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in…

  • CVE-2022-38648 | Medium | Sep 22, 2022
    risk 0.28 | CVSS 5.3 | EPSS 0.02

    Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.

  • CVE-2022-35949 | Medium | Aug 12, 2022
    risk 0.28 | CVSS 5.3 | EPSS 0.01

    undici is an HTTP/1.1 client, written from scratch for Node.js. `undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or…

  • CVE-2022-0085 | Medium | Jun 28, 2022
    risk 0.28 | CVSS 5.3 | EPSS 0.01

    Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.

  • CVE-2022-29188 | Medium | May 21, 2022
    risk 0.28 | CVSS 5.3 | EPSS 0.01

    Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny…

  • CVE-2022-0870 | Medium | Mar 11, 2022
    risk 0.28 | CVSS 5.3 | EPSS 0.03

    Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.

  • CVE-2022-0508 | Medium | Feb 8, 2022
    risk 0.28 | CVSS 5.3 | EPSS 0.01

    Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832

  • CVE-2021-33510 | Medium | May 21, 2021
    risk 0.28 | CVSS 4.3 | EPSS 0.01

    Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.

  • CVE-2020-17513 | Medium | Dec 14, 2020
    risk 0.28 | CVSS 5.3 | EPSS 0.04

    In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks.

  • CVE-2020-24710 | Medium | Oct 28, 2020
    risk 0.28 | CVSS 5.3 | EPSS 0.01

    Gophish before 0.11.0 allows SSRF attacks.

  • CVE-2020-13788 | Medium | Jul 15, 2020
    risk 0.28 | CVSS 4.3 | EPSS 0.01

    Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet.

  • CVE-2019-1003028 | Medium | Feb 20, 2019
    risk 0.28 | CVSS 4.3 | EPSS 0.01

    A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint.

  • CVE-2019-1003027 | Medium | Feb 20, 2019
    risk 0.28 | CVSS 4.3 | EPSS 0.01

    A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if…

  • CVE-2019-1003026 | Medium | Feb 20, 2019
    risk 0.28 | CVSS 4.3 | EPSS 0.01

    A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a…

  • CVE-2019-1003020 | Medium | Feb 6, 2019
    risk 0.28 | CVSS 4.3 | EPSS 0.01

    A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL.

  • CVE-2018-1999039 | Medium | Aug 1, 2018
    risk 0.28 | CVSS 4.3 | EPSS 0.01

    A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker-specified credentials.

  • CVE-2018-1000188 | Medium | Jun 5, 2018
    risk 0.28 | CVSS 5.4 | EPSS 0.01

    A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

  • CVE-2018-1000184 | Medium | Jun 5, 2018
    risk 0.28 | CVSS 5.4 | EPSS 0.01

    A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

  • CVE-2018-1000067 | Medium | Feb 16, 2018
    risk 0.28 | CVSS 5.3 | EPSS 0.02

    An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.