CVE-2023-24060

Published: Jan 27, 2023Modified: Mar 27, 2025

5.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Exploitability: 3.1 / Impact: 1.4

Source: NVD

Description

Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname (or even the hostname of the Haven server itself). NOTE: this product has significant usage but does not have numbered releases; ordinary end users may typically use the master branch.

Affected (1)

Products: Havenweb: Haven

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Havenweb Haven	Version 5d15944

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

https://github.com/havenweb/haven/issues/51

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://havenweb.org/

Source: cve@mitre.org

ProductVendor Advisory

https://github.com/havenweb/haven/issues/51

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://havenweb.org/

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.