9238 matches found
Server side request forgery (ssrf)
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2018-1000009
Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2018-1000008
Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2018-1000010
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2018-1000012
Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2018-1000011
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2018-1000012
The CVE-2018-1000012 entry concerns CloudBees Jenkins Warnings Plugin (versions 4.64 and earlier). The connected documents describe an XML External Entity (XXE) vulnerability in the plugin’s parsing of build-related files, enabling attackers with Jenkins user permissions to read secrets from the ...
Server side request forgery (ssrf)
The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whether the URL contains the "csdn" substring...
(0Day) Belkin NetCam SetSmartDevURL Server-Side Request Forgery Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin NetCam. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the Wemo SetSmartDevURL API. A crafted request can trigger...
paperclip Server-Side Request Forgery vulnerability
Paperclip ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources...
CVE-2018-1042
Moodle 3.x has Server Side Request Forgery in the filepicker...
Server side request forgery (ssrf)
Moodle 3.x has Server Side Request Forgery in the filepicker...
CVE-2018-1042
Summary of CVE-2018-1042 (Moodle SSRF): Moodle 3.x is affected by a server-side request forgery in the filepicker. The underlying issue is an SSRF in the filepicker function, enabling an attacker (reported as authenticated) to issue requests from the vulnerable Moodle host, potentially probing in...
Server Side Request Forgery (SSRF) in the Jira Trello importer - CVE-2017-16865
The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource that provides access...