CWE-918
Server-Side Request Forgery (SSRF)
Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-664
CVEs mapped to this weakness (1,583)
page 78 of 80| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-7739 | 0.00 | — | 0.01 | Oct 6, 2020 | This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack. | |||
| CVE-2020-9298 | — | 0.00 | — | 0.01 | Aug 28, 2020 | The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure. | ||
| CVE-2020-14044 | — | 0.00 | — | 0.03 | Aug 24, 2020 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This… | ||
| CVE-2020-15152 | 0.00 | — | 0.02 | Aug 17, 2020 | ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the… | |||
| CVE-2020-8226 | 0.00 | — | 0.01 | Aug 17, 2020 | A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF. | |||
| CVE-2020-13970 | — | 0.00 | — | 0.01 | Jul 28, 2020 | Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. This allows an authenticated user to send HTTP, HTTPS, FTP, and SFTP requests on behalf of the Shopware platform server. | ||
| CVE-2020-8205 | 0.00 | — | 0.01 | Jul 20, 2020 | The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems. | |||
| CVE-2020-13788 | — | 0.00 | — | 0.01 | Jul 15, 2020 | Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet. | ||
| CVE-2020-11980 | — | 0.00 | — | 0.02 | Jun 12, 2020 | In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the… | ||
| CVE-2020-8555 | 0.00 | — | 0.04 | Jun 4, 2020 | The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from… | |||
| CVE-2020-13226 | — | 0.00 | — | 0.02 | May 20, 2020 | WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet. | ||
| CVE-2020-8134 | 0.00 | — | 0.01 | Mar 20, 2020 | Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems. | |||
| CVE-2020-8135 | 0.00 | — | 0.01 | Mar 20, 2020 | The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems. | |||
| CVE-2020-8128 | 0.00 | — | 0.03 | Feb 14, 2020 | An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code. | |||
| CVE-2020-1925 | — | 0.00 | — | 0.03 | Jan 9, 2020 | Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious… | ||
| CVE-2019-8156 | 0.00 | — | 0.02 | Nov 6, 2019 | A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to modify store configurations can manipulate the connector api endpoint to enable remote code execution. | |||
| CVE-2019-8151 | 0.00 | — | 0.02 | Nov 5, 2019 | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shippment settings can execute arbitrary code through server-side request forgery due to unsafe handling… | |||
| CVE-2019-18394 | — | 0.00 | — | 0.32 | Oct 24, 2019 | A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. | ||
| CVE-2019-17400 | — | 0.00 | — | 0.02 | Oct 21, 2019 | The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion. | ||
| CVE-2017-18638 | — | 0.00 | — | 0.17 | Oct 11, 2019 | send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image… |
- CVE-2020-7739Oct 6, 2020risk 0.00cvss —epss 0.01
This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack.
- CVE-2020-9298Aug 28, 2020risk 0.00cvss —epss 0.01
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure.
- CVE-2020-14044Aug 24, 2020risk 0.00cvss —epss 0.03
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This…
- CVE-2020-15152Aug 17, 2020risk 0.00cvss —epss 0.02
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the…
- CVE-2020-8226Aug 17, 2020risk 0.00cvss —epss 0.01
A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF.
- CVE-2020-13970Jul 28, 2020risk 0.00cvss —epss 0.01
Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. This allows an authenticated user to send HTTP, HTTPS, FTP, and SFTP requests on behalf of the Shopware platform server.
- CVE-2020-8205Jul 20, 2020risk 0.00cvss —epss 0.01
The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems.
- CVE-2020-13788Jul 15, 2020risk 0.00cvss —epss 0.01
Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet.
- CVE-2020-11980Jun 12, 2020risk 0.00cvss —epss 0.02
In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the…
- CVE-2020-8555Jun 4, 2020risk 0.00cvss —epss 0.04
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from…
- CVE-2020-13226May 20, 2020risk 0.00cvss —epss 0.02
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet.
- CVE-2020-8134Mar 20, 2020risk 0.00cvss —epss 0.01
Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems.
- CVE-2020-8135Mar 20, 2020risk 0.00cvss —epss 0.01
The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems.
- CVE-2020-8128Feb 14, 2020risk 0.00cvss —epss 0.03
An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code.
- CVE-2020-1925Jan 9, 2020risk 0.00cvss —epss 0.03
Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious…
- CVE-2019-8156Nov 6, 2019risk 0.00cvss —epss 0.02
A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to modify store configurations can manipulate the connector api endpoint to enable remote code execution.
- CVE-2019-8151Nov 5, 2019risk 0.00cvss —epss 0.02
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shippment settings can execute arbitrary code through server-side request forgery due to unsafe handling…
- CVE-2019-18394Oct 24, 2019risk 0.00cvss —epss 0.32
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
- CVE-2019-17400Oct 21, 2019risk 0.00cvss —epss 0.02
The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.
- CVE-2017-18638Oct 11, 2019risk 0.00cvss —epss 0.17
send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image…