CVE-2023-3432

Published: Jun 27, 2023Modified: Nov 21, 2024

10.0

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.8

Source: NVD

Description

Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.

Affected (2)

Products: Plantuml: Plantuml · Fedoraproject: Fedora

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Plantuml Plantuml	Before 1.2023.9

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 39

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (6)

https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797

Source: security@huntr.dev

Patch

https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51

Source: security@huntr.dev

ExploitPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FV7XL3CY3K3K5ER3ASMEQA546MIQQ7QM/

Source: security@huntr.dev

Mailing ListThird Party Advisory

https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FV7XL3CY3K3K5ER3ASMEQA546MIQQ7QM/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.