7440 matches found
CVE-2020-14056
Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services...
kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information
A server side request forgery SSRF flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...
CVE-2020-8544
OX App Suite through 7.10.3 allows SSRF...
CVE-2020-13650
An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery SSRF that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to ...
CVE-2020-9643
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery ssrf vulnerability. Successful exploitation could lead to sensitive information disclosure...
CVE-2020-4101
"HCL Digital Experience is susceptible to Server Side Request Forgery."...
Adobe Experience Manager server-side request forgery vulnerability (CNVD-2020-32612)
Adobe Experience Manager is an enterprise content management solution that helps you simplify the management and delivery of your content and assets. A server-side request forgery vulnerability exists in Adobe Experience Manager. An attacker could exploit this vulnerability to obtain sensitive...
CVE-2020-4529
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713...
DEBIAN-CVE-2020-8555
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery SSRF that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...
UBUNTU-CVE-2020-8555
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery SSRF that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...
Google Kubernetes Cross-Site Request Forgery Vulnerability
Google Kubernetes is a set of open source Docker container cluster management system from the U.S. company Google Google. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. A security vulnerability exists in...
PT-2020-20206
Name of the Vulnerable Software and Affected Versions Kubernetes versions prior to 1.15.12 Kubernetes versions prior to 1.16.9 Kubernetes versions prior to 1.17.5 Kubernetes versions 1.0 through 1.14 Kubernetes version 1.18.0 Description The issue allows certain authorized users to leak up to 500...
CVE-2020-4365
IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964...
The vulnerability of the WordPress website content management system, related to server-side query manipulation, allows attackers to access sensitive data, compromise its integrity, and cause service interruptions.
The vulnerability of the WordPress website content management system is related to the SSRF request manipulation. This is because URL validation does not consider the interpretation of the name as a sequence of hexadecimal characters. Exploiting this vulnerability can allow an attacker to gain...
CVE-2020-11885
WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user with admin console access can use the XML validator to make unintended network invocations such as SSRF via an uploaded file...
IBM QRadar SIEM Server-Side Request Forgery Vulnerability (CNVD-2020-23049)
IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. IBM QRadar SIEM ha...
CVE-2020-4294
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 176404...
GitLab EE/CE SSRF Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An SSRF vulnerability exists in GitLab EE/CE, which can b...
CVE-2020-11453
Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit ...
CVE-2020-11451
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. This is also exploitable via SSRF. Note: The ability to upload visualization plugins requires administrator privileges...