CWE-918
Server-Side Request Forgery (SSRF)
Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-664
CVEs mapped to this weakness (1,583)
page 79 of 80| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-7923 | 0.00 | — | 0.01 | Aug 2, 2019 | A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code. | |||
| CVE-2019-7913 | 0.00 | — | 0.01 | Aug 2, 2019 | A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code. | |||
| CVE-2019-7911 | 0.00 | — | 0.01 | Aug 2, 2019 | A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with… | |||
| CVE-2019-7892 | 0.00 | — | 0.02 | Aug 2, 2019 | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery. | |||
| CVE-2019-9827 | — | 0.00 | — | 0.27 | Jul 3, 2019 | Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI. | ||
| CVE-2019-11027 | — | 0.00 | — | 0.03 | Jun 10, 2019 | Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the… | ||
| CVE-2019-11767 | — | 0.00 | — | 0.01 | May 5, 2019 | Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function. | ||
| CVE-2019-10686 | 0.00 | — | 0.02 | Apr 1, 2019 | An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled. | |||
| CVE-2019-3809 | 0.00 | — | 0.01 | Mar 25, 2019 | A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests… | |||
| CVE-2019-6970 | 0.00 | — | 0.01 | Mar 18, 2019 | Moodle 3.5.x before 3.5.4 allows SSRF. | |||
| CVE-2019-1003028 | 0.00 | — | 0.01 | Feb 20, 2019 | A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint. | |||
| CVE-2019-1003026 | 0.00 | — | 0.01 | Feb 20, 2019 | A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a… | |||
| CVE-2019-1003027 | 0.00 | — | 0.01 | Feb 20, 2019 | A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if… | |||
| CVE-2019-1003020 | 0.00 | — | 0.01 | Feb 6, 2019 | A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL. | |||
| CVE-2019-6257 | 0.00 | — | 0.01 | Jan 14, 2019 | A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php. | |||
| CVE-2018-1000422 | 0.00 | — | 0.01 | Jan 9, 2019 | An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and… | |||
| CVE-2018-1000421 | 0.00 | — | 0.01 | Jan 9, 2019 | An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained… | |||
| CVE-2018-14721 | 0.00 | — | 0.10 | Jan 2, 2019 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. | |||
| CVE-2017-16790 | — | Med | 0.00 | 6.5 | 0.02 | Aug 6, 2018 | An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that… | |
| CVE-2018-12678 | Cri | 0.00 | 9.8 | 0.02 | Jun 22, 2018 | Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. |
- CVE-2019-7923Aug 2, 2019risk 0.00cvss —epss 0.01
A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code.
- CVE-2019-7913Aug 2, 2019risk 0.00cvss —epss 0.01
A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code.
- CVE-2019-7911Aug 2, 2019risk 0.00cvss —epss 0.01
A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with…
- CVE-2019-7892Aug 2, 2019risk 0.00cvss —epss 0.02
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery.
- CVE-2019-9827Jul 3, 2019risk 0.00cvss —epss 0.27
Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.
- CVE-2019-11027Jun 10, 2019risk 0.00cvss —epss 0.03
Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the…
- CVE-2019-11767May 5, 2019risk 0.00cvss —epss 0.01
Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.
- CVE-2019-10686Apr 1, 2019risk 0.00cvss —epss 0.02
An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled.
- CVE-2019-3809Mar 25, 2019risk 0.00cvss —epss 0.01
A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests…
- CVE-2019-6970Mar 18, 2019risk 0.00cvss —epss 0.01
Moodle 3.5.x before 3.5.4 allows SSRF.
- CVE-2019-1003028Feb 20, 2019risk 0.00cvss —epss 0.01
A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint.
- CVE-2019-1003026Feb 20, 2019risk 0.00cvss —epss 0.01
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a…
- CVE-2019-1003027Feb 20, 2019risk 0.00cvss —epss 0.01
A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if…
- CVE-2019-1003020Feb 6, 2019risk 0.00cvss —epss 0.01
A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL.
- CVE-2019-6257Jan 14, 2019risk 0.00cvss —epss 0.01
A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php.
- CVE-2018-1000422Jan 9, 2019risk 0.00cvss —epss 0.01
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and…
- CVE-2018-1000421Jan 9, 2019risk 0.00cvss —epss 0.01
An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained…
- CVE-2018-14721Jan 2, 2019risk 0.00cvss —epss 0.10
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
- risk 0.00cvss 6.5epss 0.02
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that…
- risk 0.00cvss 9.8epss 0.02
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.