JetBrains YouTrack Server-Side Request Forgery Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A server-side request forgery vulnerability exists in the workflow component of JetBrains...
JetBrains YouTrack Server-Side Request Forgery Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A server-side request forgery vulnerability exists in versions prior to JetBrains YouTrack...
PT-2020-13436 · Gitlab · Gitlab Runner +1
Name of the Vulnerable Software and Affected Versions: GitLab Runner versions prior to 13.0.12; GitLab Runner versions prior to 13.1.6; GitLab Runner versions prior to 13.2.3. Description: The issue allows for Server-Side Request Forgery (SSRF) by replacing dockerd with a malicious server, making the...
DEBIAN-CVE-2020-16248
Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability...
PT-2020-14841 · Prometheus +2 · Prometheus Blackbox Exporter +2
Name of the Vulnerable Software and Affected Versions: Prometheus Blackbox Exporter versions through 0.17.0. Description: The issue allows for a Server-Side Request Forgery (SSRF) via the /probe endpoint with the target parameter. There is a discussion suggesting this could be seen as both intended...
CVE-2020-15823
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component...
hawtio: server side request forgery via initial /proxy/ substring of a URI
Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI...
Exploit for Server-Side Request Forgery in Emby
msfemby: This tool will check a remote EMBY server to attempt...
CVE-2020-6282
SAP NetWeaver AS JAVA IIOP service SERVERCORE, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA IIOP service CORE-TOOLS, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually use...
Server Side Request Forgery Vulnerability in Hitachi Ops Center Analyzer viewpoint
Overview: A Server Side Request Forgery Vulnerability was found in Hitachi Ops Center Analyzer viewpoint. Impact: Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take...
CVE-2020-14056
Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services...
kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information
A server side request forgery (SSRF) flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...
CVE-2020-8544
OX App Suite through 7.10.3 allows SSRF...
CVE-2020-13650
An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to ...
CVE-2020-9643
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (SSRF) vulnerability. Successful exploitation could lead to sensitive information disclosure...
CVE-2020-4101
"HCL Digital Experience is susceptible to Server Side Request Forgery."...
Adobe Experience Manager server-side request forgery vulnerability (CNVD-2020-32612)
Adobe Experience Manager is an enterprise content management solution that helps you simplify the management and delivery of your content and assets. A server-side request forgery vulnerability exists in Adobe Experience Manager. An attacker could exploit this vulnerability to obtain sensitive...
CVE-2020-4529
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713...
DEBIAN-CVE-2020-8555
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...
UBUNTU-CVE-2020-8555
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...