1754 matches found
CVE-2022-23184
In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects...
CVE-2022-23184
In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects...
CVE-2022-23184
CVE-2022-23184 concerns Octopus Server where HTTP/HTTPS bindings set to localhost allow open redirects. The connected sources confirm the vulnerable condition but do not specify affected versions, root cause details beyond localhost binding, exploit status, or a published fix. No mitigation or pa...
Octopus Server 输入验证错误漏洞
Octopus Server is an automated deployment platform. An input validation error vulnerability exists in Octopus Server that stems from the product's configuration of HTTP and HTTPS bindings to the local host where the server will allow open redirects...
DEBIAN-CVE-2020-8562
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a...
UBUNTU-CVE-2020-8562
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a...
Server-Side Request Forgery (SSRF)
calibreweb is vulnerable to server-side request forgery. The vulnerability exists in deleteuser function of admin.py due to lack of validation which allows an attacker to fetch localhost URL and upload a book cover...
Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.
...
CVE-2021-39927
Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443...
Server side request forgery (ssrf)
Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443...
CVE-2021-39927
Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443...
UBUNTU-CVE-2021-39927
Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443...
PT-2022-11089 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.4 through 14.4.4 GitLab CE/EE versions 14.5.0 through 14.5.2 GitLab CE/EE versions 14.6.0 through 14.6.1 Description: The issue concerns a server-side request forgery protection failure in GitLab CE/EE. This failure...
Server-Side Request Forgery (SSRF) in janeczku/calibre-web
Title Blind SSRF via URL fetch Summary calibre-web allows external URL fetching in order to upload a book cover. However, instead of external URL it is possible to point to localhost, which will be reached resulting in blind SSRF. Steps to reproduce 1. 1. As an admin give permissions to upload...
GHSA-284F-F2HW-J2GX Server-Side Request Forgery vulnerability in concrete5
A Server-Side Request Forgery vulnerability was found in concrete5 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed...
Server-Side Request Forgery vulnerability in concrete5
A Server-Side Request Forgery vulnerability was found in concrete5 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed...
CVE-2021-22958
A Server-Side Request Forgery vulnerability was found in concrete5 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.CVSSv2.0...
CVE-2021-22958
A Server-Side Request Forgery vulnerability was found in concrete5 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.CVSSv2.0...
Server side request forgery (ssrf)
A Server-Side Request Forgery vulnerability was found in concrete5 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.CVSSv2.0...
CVE-2021-22958
A Server-Side Request Forgery vulnerability was found in concrete5 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.CVSSv2.0...