CVE-2019-9187

Published: Jun 5, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.

Affected (5)

Products: Ikiwiki: Ikiwiki

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ikiwiki Ikiwiki	Before 3.20170111.1
Ikiwiki Ikiwiki	From 3.20190207 to 3.20190226
Ikiwiki Ikiwiki	Version 3.20180105
Ikiwiki Ikiwiki	Version 3.20180228
Ikiwiki Ikiwiki	Version 3.20180311

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (6)

https://ikiwiki.info/news/

Source: cve@mitre.org

Vendor Advisory

https://ikiwiki.info/news/version_3.20190228/

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html

Source: cve@mitre.org

https://ikiwiki.info/news/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://ikiwiki.info/news/version_3.20190228/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.