Common Weakness Enumeration

CWE-918

Allowed

Server-Side Request Forgery (SSRF)

Abstraction: Base · Status: Incomplete

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

4652 vulnerabilities reference this CWE, most recent first.

GHSA-5P7Q-VJP4-VCRG

Vulnerability from github – Published: 2024-05-22 06:30 – Updated: 2024-08-19 21:35
VLAI
Details

Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may obtain arbitrary files on the server and information on the internal server that is not disclosed to the public.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-30420"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-22T05:15:52Z",
    "severity": "MODERATE"
  },
  "details": "Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may obtain arbitrary files on the server and information on the internal server that is not disclosed to the public.",
  "id": "GHSA-5p7q-vjp4-vcrg",
  "modified": "2024-08-19T21:35:06Z",
  "published": "2024-05-22T06:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30420"
    },
    {
      "type": "WEB",
      "url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN70977403"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5P98-WPC9-G498

Vulnerability from github – Published: 2020-09-04 15:21 – Updated: 2022-06-22 19:28
VLAI
Summary
Server-Side Request Forgery in html-pdf-chrome
Details

Recommendation

This package is working as intended. A Security section has been added since v0.6.1 to detail proper usage of this library. Npm has revoked their advisory altogether.

Original Advisory

All versions of html-pdf-chrome are vulnerable to Server-Side Request Forgery (SSRF). The package executes HTTP requests if the parsed HTML contains external references to resources, such as <iframe src="http://localhost" height="800px" width="800px"></iframe>. This allows attackers to access resources through HTTP that are accessible to the server, including private resources in the hosting environment.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "html-pdf-chrome"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:55:39Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "## Recommendation\nThis package is working as intended. A [Security](https://github.com/westy92/html-pdf-chrome#security) section has been added since v0.6.1 to detail proper usage of this library. Npm has revoked their advisory altogether.\n\n## Original Advisory\nAll versions of `html-pdf-chrome` are vulnerable to Server-Side Request Forgery (SSRF). The package executes HTTP requests if the parsed HTML contains external references to resources, such as `\u003ciframe src=\"http://localhost\" height=\"800px\" width=\"800px\"\u003e\u003c/iframe\u003e`. This allows attackers to access resources through HTTP that are accessible to the server, including private resources in the hosting environment.",
  "id": "GHSA-5p98-wpc9-g498",
  "modified": "2022-06-22T19:28:32Z",
  "published": "2020-09-04T15:21:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/westy92/html-pdf-chrome/issues/249"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/westy92/html-pdf-chrome"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1339"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Server-Side Request Forgery in html-pdf-chrome"
}

GHSA-5PFQ-2C6W-69MM

Vulnerability from github – Published: 2022-06-24 00:00 – Updated: 2022-06-30 00:00
VLAI
Details

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-34011"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-23T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls.",
  "id": "GHSA-5pfq-2c6w-69mm",
  "modified": "2022-06-30T00:00:37Z",
  "published": "2022-06-24T00:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34011"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/yadong.zhang/DBlog/issues/I5CB2A"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5PFQ-GM94-5F9G

Vulnerability from github – Published: 2024-04-09 21:31 – Updated: 2026-04-08 21:32
VLAI
Details

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_data' AJAX action. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6964"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-09T19:15:13Z",
    "severity": "HIGH"
  },
  "details": "The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the \u0027kadence_import_get_new_connection_data\u0027 AJAX action. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
  "id": "GHSA-5pfq-gm94-5f9g",
  "modified": "2026-04-08T21:32:27Z",
  "published": "2024-04-09T21:31:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6964"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3019592%40kadence-blocks\u0026old=2996625%40kadence-blocks\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b01ad77f-2349-48bb-b4e9-f7cbce435de9?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5PG5-2RP3-4HW8

Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03
VLAI
Details

The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-13404"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-13T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts \u0026 open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability.",
  "id": "GHSA-5pg5-2rp3-4hw8",
  "modified": "2022-05-13T01:03:04Z",
  "published": "2022-05-13T01:03:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13404"
    },
    {
      "type": "WEB",
      "url": "https://jira.atlassian.com/browse/JRASERVER-68527"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5PHW-3JRP-3VJ8

Vulnerability from github – Published: 2021-05-10 15:18 – Updated: 2021-04-14 15:52
VLAI
Summary
Server-Side Request Forgery in Apache Solr
Details

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.solr:solr-parent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-27905"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-14T15:52:41Z",
    "nvd_published_at": "2021-04-13T07:15:00Z",
    "severity": "HIGH"
  },
  "details": "The ReplicationHandler (normally registered at \"/replication\" under a Solr core) in Apache Solr has a \"masterUrl\" (also \"leaderUrl\" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the \"shards\" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.",
  "id": "GHSA-5phw-3jrp-3vj8",
  "modified": "2021-04-14T15:52:41Z",
  "published": "2021-05-10T15:18:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27905"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r0ddc3a82bd7523b1453cb7a5e09eb5559517145425074a42eb326b10%40%3Cannounce.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r6ccec7fc54d82591b23c143f1f6a6e38f6e03e75db70870e4cb14a1a@%3Ccommits.ofbiz.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r720a4a0497fc90bad5feec8aa18b777912ee15c7eeb5f882adbf523e@%3Ccommits.ofbiz.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r78a3a4f1138a1608b0c6d4a2ee7647848c1a20b0d5c652cd9b02c25a@%3Ccommits.ofbiz.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r8f1152a43c36d878bbeb5a92f261e9efaf3af313b033d7acfccea59d@%3Cnotifications.ofbiz.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rae9ccaecce9859f709ed1458545d90a4c07163070dc98b5e9e59057f@%3Cnotifications.ofbiz.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd232d77c57a8ce172359ab098df9512d8b37373ab87c444be911b430@%3Cnotifications.ofbiz.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re9d64bb8e5dfefddcbf255adb4559e13a0df5b818da1b9b51329723f@%3Cnotifications.ofbiz.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210611-0009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Server-Side Request Forgery in Apache Solr"
}

GHSA-5PQP-Q4FM-4P4H

Vulnerability from github – Published: 2024-07-23 06:32 – Updated: 2024-08-01 15:32
VLAI
Details

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-4260"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-23T06:15:09Z",
    "severity": "MODERATE"
  },
  "details": "The Page Builder Gutenberg Blocks  WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.",
  "id": "GHSA-5pqp-q4fm-4p4h",
  "modified": "2024-08-01T15:32:06Z",
  "published": "2024-07-23T06:32:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4260"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/69f33e20-8ff4-491c-8f37-a4eadd4ea8cf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5PR3-M5HM-9956

Vulnerability from github – Published: 2023-10-24 19:21 – Updated: 2023-10-27 21:04
VLAI
Summary
WPS Server Side Request Forgery vulnerability
Details

Summary

The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests.

This presents the opportunity for Server Side Request Forgery.

Details

This vulnerability requires:

  • The WPS extension to be installed
  • The WPS security setting "Disable complex inputs" to be unselected
  • Security URL checks to be disabled

Impact

This vulnerability presents the opportunity for Server Side Request Forgery.

Mitigation

The ability to reference an external URL location is defined by the WPS standard Execute operation. This operations is defined by an Industry and International standard and cannot be redefined by the GeoServer application in isolation.

To disable complex remote inputs on GeoServer 2.20.5 and GeoServer 2.21.0:

  1. Navigate to Security > WPS Security page
  2. Locate Complex Inputs heading
  3. Select the check box for Disable loading complex inputs from remote references

Resolution

To allow processing of complex inputs safely in GeoServer 2.22.5 and GeoServer 2.23.2:

  1. Navigate to Security > URL Checks
  2. Enable URL Checks are enabled setting
  3. Check the user manual for examples of how to trust specific locations for your external services.

Processing of complex inputs safely is on by default in GeoServer 2.24.0.

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.geoserver.extension:gs-wps-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.22.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.geoserver.extension:gs-wps-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.23.0"
            },
            {
              "fixed": "2.23.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-43795"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-24T19:21:02Z",
    "nvd_published_at": "2023-10-25T18:17:32Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nThe OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests.\n\nThis presents the opportunity for Server Side Request Forgery.\n\n## Details\n\nThis vulnerability requires:\n\n* The WPS extension to be installed\n* The WPS security setting \"Disable complex inputs\" to be unselected\n* Security URL checks to be disabled\n\n### Impact\n\nThis vulnerability presents the opportunity for Server Side Request Forgery.\n\n### Mitigation\n\nThe ability to reference an external URL location is defined by the WPS standard Execute operation. This operations is defined by an Industry and International standard and cannot be redefined by the GeoServer application in isolation.\n\nTo disable complex remote inputs on GeoServer 2.20.5 and GeoServer 2.21.0:\n\n1.  Navigate to **Security \u003e WPS Security** page\n2. Locate **Complex Inputs** heading\n3. Select the check box for **Disable loading complex inputs from remote references**\n\n### Resolution\n\nTo allow processing of complex inputs safely in GeoServer 2.22.5 and GeoServer 2.23.2:\n\n1. Navigate to **Security \u003e URL Checks**\n2. Enable **URL Checks** are enabled setting\n3. Check the user manual for [examples](https://docs.geoserver.org/latest/en/user/security/urlchecks.html#example-regex-patterns) of how to trust specific locations for your external services.\n\nProcessing of complex inputs safely is on by default in GeoServer 2.24.0.\n\n### References\n\n* [Complex Inputs](https://docs.geoserver.org/stable/en/user/services/wps/security.html#complex-inputs)\n* [URL Checks](https://docs.geoserver.org/latest/en/user/security/urlchecks.html)\n",
  "id": "GHSA-5pr3-m5hm-9956",
  "modified": "2023-10-27T21:04:48Z",
  "published": "2023-10-24T19:21:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43795"
    },
    {
      "type": "WEB",
      "url": "https://docs.geoserver.org/latest/en/user/security/urlchecks.html"
    },
    {
      "type": "WEB",
      "url": "https://docs.geoserver.org/stable/en/user/services/wps/security.html#complex-inputs"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/geoserver/geoserver"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "WPS Server Side Request Forgery vulnerability"
}

GHSA-5PRG-H6VM-WXCF

Vulnerability from github – Published: 2024-01-23 21:30 – Updated: 2025-06-20 21:31
VLAI
Details

A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

This is a similar, but not identical vulnerability as CVE-2023-38625.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38626"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-23T21:15:08Z",
    "severity": "MODERATE"
  },
  "details": "A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThis is a similar, but not identical vulnerability as CVE-2023-38625.",
  "id": "GHSA-5prg-h6vm-wxcf",
  "modified": "2025-06-20T21:31:49Z",
  "published": "2024-01-23T21:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38626"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/dcx/s/solution/000294176?language=en_US"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1000"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5Q63-QW95-5VXH

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11
VLAI
Details

Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-37353"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-13T12:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php.",
  "id": "GHSA-5q63-qw95-5vxh",
  "modified": "2022-05-24T19:11:07Z",
  "published": "2022-05-24T19:11:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37353"
    },
    {
      "type": "WEB",
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

No mitigation information available for this CWE.

CAPEC-664: Server Side Request Forgery

An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.