Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

CVEs (2,641)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-8801 1Gitlab 1Gitlab Nov 21, 2024 Apr 25, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.
CVE-2018-10174 1Digitalguardian 1Management Console Nov 21, 2024 Apr 20, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if t...Show more Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role.Show less
CVE-2018-10220 1Mushmush 1Glastopf Nov 21, 2024 Apr 19, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi....Show more Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulationShow less
CVE-2017-14611 1Agentejo 1Cockpit Nov 21, 2024 Apr 10, 2018 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_conte...Show more SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component.Show less
CVE-2017-14323 1Onethink 1Onethink Nov 21, 2024 Apr 10, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution v...Show more SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter.Show less
CVE-2017-18096 1Atlassian 1Application Links Nov 21, 2024 Apr 4, 2018 N/A· v4 7.2 HIGH· v3 4.0 MEDIUM· v2 The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal...Show more The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location's OAuth status rest resource to an internal location. When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information.Show less
CVE-2017-16614 1Tp Shop 1Tpshop Nov 21, 2024 Mar 30, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib...Show more SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter.Show less
CVE-2018-1000138 1Scilico 1I, Librarian Dec 5, 2025 Mar 23, 2018 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resource...Show more I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources.Show less
CVE-2018-7516 1Geutebrueck 2G Cam/efd 2250 Firmware Topfd 2125 Firmware Nov 21, 2024 Mar 22, 2018 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans.
CVE-2014-3990 1Opencart 1Opencart Nov 21, 2024 Mar 20, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks...Show more The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request.Show less
CVE-2018-1000124 1Scilico 1I, Librarian Dec 5, 2025 Mar 13, 2018 N/A· v4 10.0 CRITICAL· v3 7.5 HIGH· v2 I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file an...Show more I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea.Show less
CVE-2018-7667 1Adminer 1Adminer Nov 21, 2024 Mar 5, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Adminer through 4.3.1 has SSRF via the server parameter.
CVE-2018-1000067 2Jenkins Oracle 2Communications Cloud Native Core Automated Test Suite Jenkins Nov 21, 2024 Feb 16, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the res...Show more An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.Show less
CVE-2018-7055 1Steelcase 1Roomwizard Firmware Nov 21, 2024 Feb 15, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter.
CVE-2018-2370 1Sap 1Bi Launchpad Nov 21, 2024 Feb 14, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine whic...Show more Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server.Show less
CVE-2018-1000056 1Jenkins 1Junit Nov 21, 2024 Feb 9, 2018 N/A· v4 8.3 HIGH· v3 6.5 MEDIUM· v2 Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perfo...Show more Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.Show less
CVE-2018-1000055 1Jenkins 1Android Lint Nov 21, 2024 Feb 9, 2018 N/A· v4 8.3 HIGH· v3 6.5 MEDIUM· v2 Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master,...Show more Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.Show less
CVE-2018-1000054 1Jenkins 1Ccm Nov 21, 2024 Feb 9, 2018 N/A· v4 8.3 HIGH· v3 6.5 MEDIUM· v2 Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform...Show more Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.Show less
CVE-2017-6201 1Sandstorm 1Sandstorm Nov 21, 2024 Feb 6, 2018 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls...Show more A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs directly.Show less
CVE-2017-18036 1Atlassian 1Bitbucket Nov 21, 2024 Feb 2, 2018 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) v...Show more The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability.Show less

Previous 1...128129130...133 Next