CVE-2023-25195 Apache Fineract: SSRF template type vulnerability in certain authenticated users

2023-03-2811:16:28

CWE-918

apache

www.cve.org

apache fineract

ssrf

cve-2023-25195

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.0%

JSON

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract.
Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic.

This issue affects Apache Fineract: from 1.4 through 1.8.3.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Apache Fineract",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.8.3",
        "status": "affected",
        "version": "1.4",
        "versionType": "semver"
      }
    ]
  }
]

References

lists.apache.org/thread/m58fdjmtkfp9h4c0r4l48rv995w3qhb6