Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

CVEs (2,678)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-2927 1Jizhicms 1Jizhicms Nov 21, 2024 May 27, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request for...Show more A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability.Show less
CVE-2023-33184 1Nextcloud 1Mail Nov 21, 2024 May 27, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.
CVE-2023-32348 1Teltonika 1Remote Management System Nov 21, 2024 May 22, 2023 N/A· v4 5.8 MEDIUM· v3 N/A· v2 Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new...Show more Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The OpenVPN server also allows users to route through it. An attacker could route a connection to a remote server through the OpenVPN server, enabling them to scan and access data from other Teltonika devices connected to the VPN. Show less
CVE-2023-31848 1Davinci Project 1Davinci Jan 23, 2025 May 17, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF).
CVE-2023-23169 1Synapsoft 1Pdfocus Jan 27, 2025 May 12, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal.
CVE-2022-29840 1Westerndigital 1My Cloud Os Nov 21, 2024 May 10, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This c...Show more Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202. Show less
CVE-2023-24954 1Microsoft 14Sharepoint Enterprise Server Sharepoint ServerWindows 10 1507+11 more Nov 21, 2024 May 9, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2023-30019 1Evilmartians 1Imgproxy Jan 29, 2025 May 8, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.
CVE-2023-30444 1Ibm 1Watson Machine Learning On Cloud Pak For Data Nov 21, 2024 Apr 27, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leadi...Show more IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350.Show less
CVE-2023-26735 1Prometheus 1Blackbox Exporter Feb 4, 2025 Apr 26, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is...Show more blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured.Show less
CVE-2022-48477 1Jetbrains 1Hub Nov 21, 2024 Apr 24, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
CVE-2023-2140 13ds 1Delmia Apriso Nov 21, 2024 Apr 21, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Ap...Show more A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application. Show less
CVE-2023-25504 1Apache 1Superset Feb 13, 2025 Apr 17, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on...Show more A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1.Show less
CVE-2018-17452 1Gitlab 1Gitlab Feb 6, 2025 Apr 15, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localho...Show more An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb.Show less
CVE-2018-17450 1Gitlab 1Gitlab Feb 6, 2025 Apr 15, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for e...Show more An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token.Show less
CVE-2022-43699 1Open Xchange 1Ox App Suite Feb 6, 2025 Apr 15, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part o...Show more OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).Show less
CVE-2022-43698 1Open Xchange 1Ox App Suite Feb 6, 2025 Apr 15, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list.
CVE-2023-28288 1Microsoft 2Sharepoint Foundation Sharepoint Server Jan 1, 2025 Apr 11, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Microsoft SharePoint Server Spoofing Vulnerability
CVE-2023-1971 1Tpadmin Project 1Tpadmin Nov 21, 2024 Apr 10, 2023 N/A· v4 4.9 MEDIUM· v3 6.5 MEDIUM· v2 UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulati...Show more UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225408. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.Show less
CVE-2023-29010 1Budibase 1Budibase Nov 21, 2024 Apr 6, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Budibase is a low code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 (07 March 2023) are vulnerable to Server-Side Request Forgery. This can lead to an attacker gaining access...Show more Budibase is a low code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 (07 March 2023) are vulnerable to Server-Side Request Forgery. This can lead to an attacker gaining access to a Budibase AWS secret key. Users of Budibase cloud need to take no action. Self-host users who run Budibase on the public internet and are using a cloud provider that allows HTTP access to metadata information should ensure that when they deploy Budibase live, their internal metadata endpoint is not exposed.Show less

Previous 1...939495...134 Next