Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/06/06 8:12 p.m.19 views

CVE-2025-46341

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse proxy, it's possible to impersonate any user either via the Remote-User header or the X-WebAuth-User header by making specially crafted requests via the add feed functionality an...

7.1CVSS7.7AI score0.00392EPSS
Exploits1References1
CVE
CVE
added 2025/06/04 8:9 p.m.63 views

CVE-2025-46341

FreshRSS before 1.26.2 is vulnerable to user impersonation via HTTP auth when behind a reverse proxy. An attacker who knows the proxied instance IP, the admin username, and has an account can craft requests through the add feed flow to obtain a CSRF token and impersonate other users using the Rem...

7.1CVSS7.3AI score0.00392EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/06/04 8:9 p.m.20 views

CVE-2025-46341 Privilege escalation via SSRF when using HTTP auth

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse proxy, it's possible to impersonate any user either via the Remote-User header or the X-WebAuth-User header by making specially crafted requests via the add feed functionality an...

7.1CVSS0.00392EPSS
Exploits1References2
OSV
OSV
added 2025/06/04 8:9 p.m.6 views

CVE-2025-46341 Privilege escalation via SSRF when using HTTP auth

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse proxy, it's possible to impersonate any user either via the Remote-User header or the X-WebAuth-User header by making specially crafted requests via the add feed functionality an...

7.1CVSS7.2AI score0.00392EPSS
Exploits1References4
Rows per page
Query Builder