Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-25801

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-14 Jul, 2022 | 11:44
Updated At-03 Aug, 2024 | 04:49
Rejected At-
Credits

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:14 Jul, 2022 | 11:44
Updated At:03 Aug, 2024 | 04:49
Rejected At:
▼CVE Numbering Authority (CNA)

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://docs.bestpractical.com/release-notes/rtir/index.html
x_refsource_MISC
https://docs.bestpractical.com/release-notes/rtir/5.0.3
x_refsource_CONFIRM
https://docs.bestpractical.com/release-notes/rtir/4.0.3
x_refsource_CONFIRM
Hyperlink: https://docs.bestpractical.com/release-notes/rtir/index.html
Resource:
x_refsource_MISC
Hyperlink: https://docs.bestpractical.com/release-notes/rtir/5.0.3
Resource:
x_refsource_CONFIRM
Hyperlink: https://docs.bestpractical.com/release-notes/rtir/4.0.3
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://docs.bestpractical.com/release-notes/rtir/index.html
x_refsource_MISC
x_transferred
https://docs.bestpractical.com/release-notes/rtir/5.0.3
x_refsource_CONFIRM
x_transferred
https://docs.bestpractical.com/release-notes/rtir/4.0.3
x_refsource_CONFIRM
x_transferred
Hyperlink: https://docs.bestpractical.com/release-notes/rtir/index.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://docs.bestpractical.com/release-notes/rtir/5.0.3
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://docs.bestpractical.com/release-notes/rtir/4.0.3
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 Jul, 2022 | 12:15
Updated At:20 Jul, 2022 | 10:40

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CPE Matches
Best Practical Solutions, LLC
bestpractical
>>request_tracker_for_incident_response>>Versions before 4.0.3(exclusive)
cpe:2.3:a:bestpractical:request_tracker_for_incident_response:*:*:*:*:*:*:*:*
Best Practical Solutions, LLC
bestpractical
>>request_tracker_for_incident_response>>Versions from 5.0.0(inclusive) to 5.0.3(exclusive)
cpe:2.3:a:bestpractical:request_tracker_for_incident_response:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-918Primarynvd@nist.gov
CWE ID: CWE-918
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://docs.bestpractical.com/release-notes/rtir/4.0.3cve@mitre.org
Patch
Release Notes
Vendor Advisory
https://docs.bestpractical.com/release-notes/rtir/5.0.3cve@mitre.org
Patch
Release Notes
Vendor Advisory
https://docs.bestpractical.com/release-notes/rtir/index.htmlcve@mitre.org
Release Notes
Vendor Advisory
Hyperlink: https://docs.bestpractical.com/release-notes/rtir/4.0.3
Source: cve@mitre.org
Resource:
Patch
Release Notes
Vendor Advisory
Hyperlink: https://docs.bestpractical.com/release-notes/rtir/5.0.3
Source: cve@mitre.org
Resource:
Patch
Release Notes
Vendor Advisory
Hyperlink: https://docs.bestpractical.com/release-notes/rtir/index.html
Source: cve@mitre.org
Resource:
Release Notes
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

73Records found
CVE-2025-28089
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.05% / 13.98%
||
7 Day CHG-0.02%
Published-28 Mar, 2025 | 00:00
Updated-07 Apr, 2025 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function.

Action-Not Available
Vendor-maccmsn/a
Product-maccmsn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-25785
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.05% / 16.50%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 00:00
Updated-10 Apr, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerability allows attackers to perform an intranet scan via a crafted request.

Action-Not Available
Vendor-jizhicmsn/a
Product-jizhicmsn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-2691
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-8.8||HIGH
EPSS-0.06% / 18.16%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 14:21
Updated-26 Mar, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism.

Action-Not Available
Vendor-nossrf_projectn/a
Product-nossrfnossrf
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-47883
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.51% / 65.37%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 20:39
Updated-29 Oct, 2024 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer to (what are expected to be) local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local file. However, prior to version 1.2.6, if a `file:/` URL is directly given where a relative path (resource name) is expected, this is also accepted in some code paths; the app then fetches the file, from a remote machine if indicated, and uses it as if it was a trusted part of the app's codebase. This leads to multiple weaknesses and potential weaknesses. An attacker that has network access to the application could use it to gain access to files, either on the the server's filesystem (path traversal) or shared by nearby machines (server-side request forgery with e.g. SMB). An attacker that can lead or redirect a user to a crafted URL belonging to the app could cause arbitrary attacker-controlled JavaScript to be loaded in the victim's browser (cross-site scripting). If an app is written in such a way that an attacker can influence the resource name used for a template, that attacker could cause the app to fetch and execute an attacker-controlled template (remote code execution). Version 1.2.6 contains a patch.

Action-Not Available
Vendor-openrefineOpenRefineopenrefine
Product-butterflysimile-butterflysimilie_butterfly
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CWE ID-CWE-36
Absolute Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-31386
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.21% / 43.71%
||
7 Day CHG~0.00%
Published-09 Jun, 2022 | 13:34
Updated-03 Aug, 2024 | 07:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter.

Action-Not Available
Vendor-nbnbk_projectn/a
Product-nbnbkn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-2900
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.1||CRITICAL
EPSS-0.69% / 70.76%
||
7 Day CHG~0.00%
Published-14 Sep, 2022 | 08:30
Updated-03 Aug, 2024 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in ionicabizau/parse-url

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0.

Action-Not Available
Vendor-parse-url_projectionicabizau
Product-parse-urlionicabizau/parse-url
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-27162
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.10% / 28.04%
||
7 Day CHG~0.00%
Published-31 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.

Action-Not Available
Vendor-openapi-generatorn/a
Product-openapi_generatorn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-6584
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.1||CRITICAL
EPSS-0.09% / 26.05%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:07
Updated-11 Jun, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jetpack Boost < 3.4.7 - Admin+ SSRF

The 'wp_ajax_boost_proxy_ig' action allows administrators to make GET requests to arbitrary URLs.

Action-Not Available
Vendor-UnknownAutomattic Inc.
Product-jetpack_boostJetpack Boost
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-54819
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-20.56% / 95.36%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 00:00
Updated-08 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-26499
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.21% / 43.16%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

Action-Not Available
Vendor-n/aDebian GNU/LinuxDigium, Inc.
Product-asteriskdebian_linuxn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-40898
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.1||CRITICAL
EPSS-0.33% / 54.86%
||
7 Day CHG+0.24%
Published-18 Jul, 2024 | 09:32
Updated-13 Sep, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows

SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. 

Action-Not Available
Vendor-The Apache Software FoundationMicrosoft Corporation
Product-http_serverwindowsApache HTTP Serverapache_http_server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-25260
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.07% / 20.45%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 20:01
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-hubn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-4399
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.1||CRITICAL
EPSS-24.47% / 95.90%
||
7 Day CHG~0.00%
Published-23 May, 2024 | 06:00
Updated-30 Jun, 2025 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAS <= 1.0.0 - Unauthenticated SSRF

The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack

Action-Not Available
Vendor-apereoUnknownJenkins
Product-central_authentication_servicecascas
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-4219
Matching Score-4
Assigner-BeyondTrust Inc.
ShareView Details
Matching Score-4
Assigner-BeyondTrust Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.09% / 26.52%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 20:08
Updated-01 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SSRF In BeyondInsight

Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability.

Action-Not Available
Vendor-BeyondTrust Corporation
Product-beyondinsightBeyondInsight
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-1379
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.2||HIGH
EPSS-0.27% / 49.80%
||
7 Day CHG~0.00%
Published-14 May, 2022 | 09:55
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
URL Restriction Bypass in plantuml/plantuml

URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers.

Action-Not Available
Vendor-plantumlplantumlFedora Project
Product-plantumlfedoraplantuml/plantuml
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-0768
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.6||HIGH
EPSS-0.85% / 73.92%
||
7 Day CHG+0.04%
Published-28 Feb, 2022 | 09:20
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in rudloff/alltube

Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2.

Action-Not Available
Vendor-alltubedownloadrudloff
Product-alltuberudloff/alltube
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-40604
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.55% / 66.88%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 17:45
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases an exploitation is possible by an unauthenticated user.

Action-Not Available
Vendor-invisioncommunityn/a
Product-ips_community_suiten/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-22203
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.44% / 62.29%
||
7 Day CHG~0.00%
Published-23 Jan, 2024 | 17:20
Updated-13 Nov, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Whoogle Search Server Side Request Forgery vulnerability

Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a GET request on lines 339-343 in `request.py`, which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4.

Action-Not Available
Vendor-benbusbybenbusby
Product-whoogle_searchwhoogle-search
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-26715
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.55% / 67.03%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 08:07
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make a HTTP request from the vulnerable server to any address in the internal network and obtain its response (which might, for example, have a JavaScript payload for resultant XSS). The issue can be exploited to bypass network boundaries, obtain sensitive data, or attack other hosts in the internal network.

Action-Not Available
Vendor-mitreidn/a
Product-connectn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-5526
Matching Score-4
Assigner-Grafana Labs
ShareView Details
Matching Score-4
Assigner-Grafana Labs
CVSS Score-7.7||HIGH
EPSS-0.21% / 43.96%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 11:21
Updated-01 Aug, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side Request Forgery (SSRF) vulnerability in the webhook functionallity. This issue was fixed in version 1.5.2

Action-Not Available
Vendor-Grafana Labs
Product-oncallOnCalloncall
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-50811
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.12% / 31.27%
||
7 Day CHG+0.01%
Published-08 Nov, 2024 | 00:00
Updated-21 Nov, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hopetree izone lts c011b48 contains a server-side request forgery (SSRF) vulnerability in the active push function as \\apps\\tool\\apis\\bd_push.py does not securely filter user input through push_urls() and get_urls().

Action-Not Available
Vendor-n/atendcode
Product-n/aizone
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-31390
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.28% / 50.69%
||
7 Day CHG~0.00%
Published-09 Jun, 2022 | 13:34
Updated-03 Aug, 2024 | 07:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.

Action-Not Available
Vendor-jizhicmsn/a
Product-jizhicmsn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-45479
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.1||CRITICAL
EPSS-0.13% / 33.21%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 21:26
Updated-10 Jun, 2025 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-rangerApache Ranger
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
  • Previous
  • 1
  • 2
  • Next
Details not found