Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-35896

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-03 Nov, 2023 | 02:14
Updated At-04 Sep, 2024 | 20:33
Rejected At-
Credits

IBM Content Navigator server-side request forgery

IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:03 Nov, 2023 | 02:14
Updated At:04 Sep, 2024 | 20:33
Rejected At:
▼CVE Numbering Authority (CNA)
IBM Content Navigator server-side request forgery

IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.

Affected Products
Vendor
IBM CorporationIBM
Product
Content Navigator
Default Status
unaffected
Versions
Affected
  • 3.0.13
Problem Types
TypeCWE IDDescription
CWECWE-918CWE-918 Server-Side Request Forgery (SSRF)
Type: CWE
CWE ID: CWE-918
Description: CWE-918 Server-Side Request Forgery (SSRF)
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7065203
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/259247
vdb-entry
Hyperlink: https://www.ibm.com/support/pages/node/7065203
Resource:
vendor-advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/259247
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7065203
vendor-advisory
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/259247
vdb-entry
x_transferred
Hyperlink: https://www.ibm.com/support/pages/node/7065203
Resource:
vendor-advisory
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/259247
Resource:
vdb-entry
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:03 Nov, 2023 | 03:15
Updated At:09 Nov, 2023 | 15:56

IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>content_navigator>>3.0.13
cpe:2.3:a:ibm:content_navigator:3.0.13:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-918Primarynvd@nist.gov
CWE-918Secondarypsirt@us.ibm.com
CWE ID: CWE-918
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-918
Type: Secondary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/259247psirt@us.ibm.com
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7065203psirt@us.ibm.com
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/259247
Source: psirt@us.ibm.com
Resource:
VDB Entry
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7065203
Source: psirt@us.ibm.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

218Records found
CVE-2023-28633
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.5||LOW
EPSS-0.24% / 47.50%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 15:27
Updated-10 Feb, 2025 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GLPI vulnerable to Blind Server-Side Request Forgery (SSRF) in RSS feeds

GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery (SSRF). In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is triggered. This feature does not check safety or URLs. Versions 9.5.13 and 10.0.7 contain a patch for this issue.

Action-Not Available
Vendor-GLPI Project
Product-glpiglpi
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-32812
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 31.91%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 07:14
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Podlove Podcast Publisher plugin <= 4.0.11 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11.

Action-Not Available
Vendor-podlovePodlovepodlove
Product-podlove_podcast_publisherPodlove Podcast Publisherpodlove_podcast_publisher
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-32718
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.9||MEDIUM
EPSS-0.08% / 23.79%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 07:19
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Pack Elementor addons plugin <= 2.0.8.2 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Webangon The Pack Elementor.This issue affects The Pack Elementor addons: from n/a through 2.0.8.2.

Action-Not Available
Vendor-webangonWebangon
Product-the_pack_elementor_addonsThe Pack Elementor addons
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-27949
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 33.40%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 07:30
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sirv plugin <= 7.2.0 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.0.

Action-Not Available
Vendor-sirvSirv CDN and Image Hosting
Product-sirvSirv
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-1758
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.34% / 56.44%
||
7 Day CHG~0.00%
Published-24 Feb, 2024 | 08:38
Updated-08 Apr, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SuperFaktura WooCommerce <= 1.40.3 - Authenticated (Subscriber+) Blind Server-Side Request Forgery

The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.40.3 via the wc_sf_url_check function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. CVE-2024-32803 appears to be a duplicate of this issue.

Action-Not Available
Vendor-superfakturasuperfaktura
Product-superfaktura_woocommerceSuperFaktura WooCommerce
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-13695
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.14% / 33.08%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 09:21
Updated-08 Apr, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Enfold <= 6.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery via attachment_id

The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-kriesiKriesi
Product-enfoldEnfold - Responsive Multi-Purpose Theme
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-25229
Matching Score-4
Assigner-Omnissa, LLC
ShareView Details
Matching Score-4
Assigner-Omnissa, LLC
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.53%
||
7 Day CHG~0.00%
Published-11 Aug, 2025 | 18:24
Updated-12 Aug, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources.

Action-Not Available
Vendor-Omnissa
Product-Omnissa Workspace ONE UEM
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-4562
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 9.33%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 20:36
Updated-09 Dec, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WhatsUp Gold Server-Side Request Forgery Information Disclosure Vulnerability via HttpMonitorSettings

In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality.  Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery.

Action-Not Available
Vendor-Progress Software Corporation
Product-whatsup_goldWhatsUp Goldwhatsupgold
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-14225
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.22% / 44.45%
||
7 Day CHG~0.00%
Published-14 Oct, 2019 | 16:34
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OX App Suite 7.10.1 and 7.10.2 allows SSRF.

Action-Not Available
Vendor-n/aOpen-Xchange AG
Product-open-xchange_appsuiten/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-10705
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.37%
||
7 Day CHG~0.00%
Published-26 Jan, 2025 | 06:41
Updated-08 Apr, 2026 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Page Generator Plugin – MPG <= 4.0.5 - Authenticated (Editor+) Server-Side Request Forgery via fileUrl

The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the 'mpg_download_file_by_link' function. This makes it possible for authenticated attackers, with editor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-Themeisle
Product-multiple_page_generatorMultiple Page Generator Plugin – MPG
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-13741
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.51%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 01:44
Updated-08 Apr, 2026 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Authenticated (Subscriber+) Limited Server-Side Request Forgery

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to download and view images, as well as validating if a non-image file exists, both on local or remote hosts.

Action-Not Available
Vendor-Metagauss Inc.
Product-profilegridProfileGrid – User Profiles, Groups and Communities
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-13834
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 22.32%
||
7 Day CHG~0.00%
Published-15 Feb, 2025 | 14:21
Updated-08 Apr, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme <= 3.1.4 - Authenticated (Contributor+) Blind Server-Side Request Forgery via remote_request

The Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remote_request' function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-CyberChimps Inc.
Product-responsive_addonsResponsive Plus – Elementor Templates & Starter Sites
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-13360
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 36.81%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 07:29
Updated-08 Apr, 2026 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Subscriber+) Server-Side Request Forgery

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-aipowersenols
Product-aipowerAI Puffer – Your AI engine for WordPress (formerly AI Power)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-12121
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 40.90%
||
7 Day CHG~0.00%
Published-19 Dec, 2024 | 01:45
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broken Link Checker | Finder <= 2.5.0 - Authenticated (Author+) Blind Server-Side Request Forgery

The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-cyberlord92
Product-Broken Link Checker | Finder
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-11913
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 32.13%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 13:40
Updated-08 Apr, 2026 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Activity Plus Reloaded for BuddyPress <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery

The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajax_preview_link' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-buddydevbuddydev
Product-activity_plus_reloaded_for_buddypressActivity Plus Reloaded for BuddyPress
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-36388
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 31.27%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 12:53
Updated-26 Sep, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Superset: Improper API permission for low privilege users allows for SSRF

Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF.

Action-Not Available
Vendor-The Apache Software Foundation
Product-supersetApache Superset
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-0425
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 36.32%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-39894
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 37.02%
||
7 Day CHG~0.00%
Published-05 Oct, 2021 | 12:33
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found