CloudBees Jenkins Mattermost Notification Plugin Server Request Forgery Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing jobs and some scheduled tasks. Mattermost Notification Plugin is used in one...
CVE-2019-8982
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF...
PT-2019-11323 · Jenkins · Jenkins Mattermost Notification Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mattermost Notification Plugin versions 2.6.2 and earlier Description: A server-side request forgery issue exists that allows attackers with Overall/Read permission to have the system connect to an attacker-specified server and room a...
PT-2019-11324 · Jenkins · Jenkins Octopusdeploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OctopusDeploy Plugin versions 1.8.1 and earlier Description: A server-side request forgery issue exists that allows attackers with Overall/Read permission to have the server connect to an attacker-specified URL and obtain the HTTP...
PT-2019-11325 · Jenkins · Jenkins Jms Messaging Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins JMS Messaging Plugin versions 1.1.1 and earlier Description: A server-side request forgery issue exists that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint. This is due to vulnerabilities in th...
Atlassian JIRA Server-Side Request Forgery Vulnerability
Atlassian JIRA is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A server-side request forgery vulnerability exists in the VerifyPopServerConnection resource in Atlassian JIRA, which can be...
CVE-2019-1679
A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack ...
PT-2019-11318 · Jenkins · Jenkins Kanboard Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Kanboard Plugin versions 1.5.10 and earlier Description: A server-side request forgery issue exists that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL, potentially leading to...
CVE-2018-15657
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter...
CVE-2018-19858
PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file e.g., in an IFRAME element, PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF...
CVE-2018-12609
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery...
GHSA-9MXF-G3X6-WV74 Server-Side Request Forgery (SSRF) in jackson-databind
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
Zoho ManageEngine ADSelfService Plus Server-Side Request Forgery Vulnerability
ZOHO ManageEngine ADSelfService Plus is a Web-based end-user password management software from ZOHO. A server-side request forgery vulnerability exists in ZOHO ManageEngine ADSelfService Plus versions prior to 5.x build 5703, which can be exploited by an attacker to perform a server-side request...
CVE-2019-3905
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF...
Jspxcms Server-Side Request Forgery Vulnerability
Jspxcms is a scalable enterprise-class open source web content management system (CMS). A server-side request forgery vulnerability exists in Jspxcms version 9.0.0. No detailed vulnerability details are provided at this time...
CVE-2018-20528
JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter...
CVE-2018-20463
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF...
CVE-2018-1000827
Ubilling version <= 0.9.2 contains an Other/Unknown vulnerability in a user-controlled parameter that can result in disclosure of confidential data, denial of service, SSRF, remote code execution...
DEBIAN-CVE-2018-1000832
ZoneMinder version <= 1.32.2 contains an Other/Unknown vulnerability in a user-controlled parameter that can result in disclosure of confidential data, denial of service, SSRF, remote code execution...
PT-2018-9544 · Neo4J Contrib · Neo4J-Apoc-Procedures
Name of the Vulnerable Software and Affected Versions: neo4j-contrib neo4j-apoc-procedures versions before commit 45bc09c Description: The issue is related to an XML External Entity (XXE) vulnerability in the XML Parser. This can result in disclosure of confidential data, denial of service,...