Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

CVEs (2,678)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-1711 1Diagrams 1Drawio Nov 21, 2024 May 17, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.
CVE-2022-1723 1Diagrams 1Drawio Nov 21, 2024 May 17, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
CVE-2022-23668 1Arubanetworks 1Clearpass Policy Manager Nov 21, 2024 May 16, 2022 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has rele...Show more A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manage that address this security vulnerability.Show less
CVE-2022-1722 1Diagrams 1Drawio Nov 21, 2024 May 16, 2022 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses
CVE-2022-1713 1Diagrams 1Drawio Nov 21, 2024 May 16, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
CVE-2022-1398 1External Media Without Import Project 1External Media Without Import Nov 21, 2024 May 16, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subsc...Show more The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacksShow less
CVE-2022-1386 2Fusion Builder Project Theme Fusion 2Avada Fusion Builder Nov 21, 2024 May 16, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in t...Show more The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.Show less
CVE-2022-30049 1Ruifang Tech 1Rebuild Nov 21, 2024 May 15, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter.
CVE-2022-1379 2Fedoraproject Plantuml 2Fedora Plantuml Nov 21, 2024 May 14, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request...Show more URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers.Show less
CVE-2020-22983 1Microstrategy 1Microstrategy Web Nov 21, 2024 May 13, 2022 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter...Show more A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.Show less
CVE-2022-29848 1Progress 1Whatsup Gold Nov 21, 2024 May 11, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host t...Show more In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.Show less
CVE-2022-29847 1Progress 1Whatsup Gold Nov 21, 2024 May 11, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to a...Show more In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.Show less
CVE-2022-29180 1Charm 1Charm Nov 21, 2024 May 7, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. This has been patched and is available in release [v0.12.1](https://github...Show more A vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. This has been patched and is available in release [v0.12.1](https://github.com/charmbracelet/charm/releases/tag/v0.12.1). We recommend that all users running self-hosted `charm` instances update immediately. This vulnerability was found in-house and we haven't been notified of any potential exploiters. ### Additional notes * Encrypted user data uploaded to the Charm server is safe as Charm servers cannot decrypt user data. This includes filenames, paths, and all key-value data. * Users running the official Charm [Docker images](https://github.com/charmbracelet/charm/blob/main/docker.md) are at minimal risk because the exploit is limited to the containerized filesystem.Show less
CVE-2022-1592 1Clinical Genomics 1Scout Nov 21, 2024 May 5, 2022 N/A· v4 8.2 HIGH· v3 6.4 MEDIUM· v2 Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lea...Show more Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...Show less
CVE-2022-29942 1Talend 1Administration Center Nov 21, 2024 May 4, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for...Show more Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.Show less
CVE-2022-28090 1Ujcms 1Jspxcms Nov 21, 2024 May 4, 2022 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=.
CVE-2022-1239 1Hubspot 1Hubspot Nov 21, 2024 May 2, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attac...Show more The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacksShow less
CVE-2021-40822 1Osgeo 1Geoserver Nov 21, 2024 May 2, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
CVE-2022-25850 1Proxyscotch Project 1Proxyscotch Nov 21, 2024 May 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untr...Show more The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server.Show less
CVE-2022-24449 1Rt Solar 1Solar Appscreener Nov 21, 2024 Apr 28, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document.

Previous 1...103104105...134 Next