| Severity | Topic | Date | Author |
|---|---|---|---|
| High | Fortify SSC 17.10 / 17.20 / 18.10 XXE Injection | 14.07.2018 | Alt3kx |
| Low | SPIP 3.1.2 Server Side Request Forgery | 20.10.2016 | Nicolas CHATELAIN |
| Low | Google Docs XSPA / SSRF | 10.09.2016 | Ashiyane Digital Secur... |
| Low | Infoware MapSuite Server-Side Request Forgery | 04.06.2014 | Christian |


CVEMAP Search Results

| Date | Severity | CVE | Vendor | Software | Description |
|---|---|---|---|---|---|
| 2019-04-17 | Medium | CVE-2019-9174 | Gitlab | Gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF. |
| 2019-04-01 | Medium | CVE-2019-10686 | Ctrip | Apollo | An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled. |
| 2019-03-25 | Medium | CVE-2019-3809 | Moodle | Moodle | A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page. |
| | Medium | CVE-2019-3395 | Atlassian | Confluence | The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery. |
| 2019-03-21 | Medium | CVE-2019-6970 | Moodle | Moodle | Moodle 3.5.x before 3.5.4 allows SSRF. |
| | Medium | CVE-2018-13103 | Open-xchange | Open-xchange... | OX App Suite 7.8.4 and earlier allows SSRF. |
| 2019-03-08 | Medium | CVE-2017-3164 | Apache | SOLR | Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. |
| 2019-02-21 | Medium | CVE-2019-8982 | Wavemaker | Wavemarker s... | com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF. |
| 2019-02-20 | Low | CVE-2019-1003028 | Jenkins | Jms messaging | A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint. |
| | Low | CVE-2019-1003027 | Jenkins | Octopusdeploy | A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception error message otherwise. |
Copyright 2019, cxsecurity.com