In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.

In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8.

In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.

In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.

In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.

In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.

In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.

In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.

In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.

In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3.

In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.

In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks

In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information.

In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.

In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS.

In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.

In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.

In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.

In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS.

In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.

In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3.

In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS.

In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.

In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.

An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168.

In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing

In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.

JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.

In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.

JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.

An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394.

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow_redirects=True, which allows a server-side request forgery when a request to .well-known/assetlinks.json" returns a 302 redirect. This is a bypass of the fix for CVE-2024-29190 and is fixed in 3.9.7.

Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL.

The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.

A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request.

Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability

qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file.

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.

An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations.

A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address.

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272

Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via  mod_rewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63. Note:  The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths. The server offers limited protection against administrators directing the server to open UNC paths. Windows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication.

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 160014.