ByteOS Network

Vulnerability Details :

CVE-2023-4651

Summary

Assigner-@huntrdev

Assigner Org ID-c09c270a-b464-47c1-9133-acb35b22c19a

Published At-31 Aug, 2023 | 00:00

Updated At-01 Oct, 2024 | 18:41

Server-Side Request Forgery (SSRF) in instantsoft/icms2

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:@huntrdev

Assigner Org ID:c09c270a-b464-47c1-9133-acb35b22c19a

Published At:31 Aug, 2023 | 00:00

Updated At:01 Oct, 2024 | 18:41

▼CVE Numbering Authority (CNA)

Server-Side Request Forgery (SSRF) in instantsoft/icms2

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1.

Affected Products

Vendor

instantsoft

Product

instantsoft/icms2

Versions

Affected

From unspecified before 2.16.1 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-918	CWE-918 Server-Side Request Forgery (SSRF)

Type: CWE

CWE ID: CWE-918

Description: CWE-918 Server-Side Request Forgery (SSRF)

Metrics

Version	Base score	Base severity	Vector
3.0	6.4	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

Version: 3.0

Base score: 6.4

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

References

Hyperlink	Resource
https://huntr.dev/bounties/beba9b98-2a5c-4629-987d-b67f47ba9437	N/A
https://github.com/instantsoft/icms2/commit/a6bf758de0b3242b0c0e4b47a588aae0c94305b0	N/A

Hyperlink: https://huntr.dev/bounties/beba9b98-2a5c-4629-987d-b67f47ba9437

Resource: N/A

Hyperlink: https://github.com/instantsoft/icms2/commit/a6bf758de0b3242b0c0e4b47a588aae0c94305b0

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://huntr.dev/bounties/beba9b98-2a5c-4629-987d-b67f47ba9437	x_transferred
https://github.com/instantsoft/icms2/commit/a6bf758de0b3242b0c0e4b47a588aae0c94305b0	x_transferred

Hyperlink: https://huntr.dev/bounties/beba9b98-2a5c-4629-987d-b67f47ba9437

Resource:

x_transferred

Hyperlink: https://github.com/instantsoft/icms2/commit/a6bf758de0b3242b0c0e4b47a588aae0c94305b0

Resource:

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security@huntr.dev

Published At:31 Aug, 2023 | 01:15

Updated At:01 Sep, 2023 | 14:50

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Secondary	3.0	6.4	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

Type: Primary

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Type: Secondary

Version: 3.0

Base score: 6.4

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

CPE Matches

instantcms>>instantcms>>Versions before 2.16.1(exclusive)

cpe:2.3:a:instantcms:instantcms:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-918	Primary	security@huntr.dev

CWE ID: CWE-918

Type: Primary

Source: security@huntr.dev

References

Hyperlink	Source	Resource
https://github.com/instantsoft/icms2/commit/a6bf758de0b3242b0c0e4b47a588aae0c94305b0	security@huntr.dev	Patch
https://huntr.dev/bounties/beba9b98-2a5c-4629-987d-b67f47ba9437	security@huntr.dev	Exploit Patch Third Party Advisory

Hyperlink: https://github.com/instantsoft/icms2/commit/a6bf758de0b3242b0c0e4b47a588aae0c94305b0

Source: security@huntr.dev

Resource:

Patch

Hyperlink: https://huntr.dev/bounties/beba9b98-2a5c-4629-987d-b67f47ba9437

Source: security@huntr.dev

Resource:

Exploit

Patch

Third Party Advisory

Similar CVEs

54Records found

CVE-2024-4562

Matching Score-4

Assigner-Progress Software Corporation

View Details

Matching Score-4

Assigner-Progress Software Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.11% / 29.60%

7 Day CHG~0.00%

Published-14 May, 2024 | 20:36

Updated-09 Dec, 2024 | 13:40

WhatsUp Gold Server-Side Request Forgery Information Disclosure Vulnerability via HttpMonitorSettings

In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality. Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery.

Vendor-Progress Software Corporation

Product-whatsup_gold WhatsUp Gold whatsupgold

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2024-45843

Matching Score-4

Assigner-Mattermost, Inc.

View Details

Matching Score-4

Assigner-Mattermost, Inc.

CVSS Score-3.1||LOW

EPSS-0.07% / 22.02%

7 Day CHG~0.00%

Published-26 Sep, 2024 | 08:03

Updated-26 Sep, 2024 | 18:42

Weak SSRF Filtering

Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba.

Vendor-Mattermost, Inc.

Product-mattermost_server Mattermost

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2021-20535

Matching Score-4

Assigner-IBM Corporation

View Details

Matching Score-4

Assigner-IBM Corporation

CVSS Score-6.5||MEDIUM

EPSS-0.09% / 27.26%

7 Day CHG~0.00%

Published-13 May, 2021 | 15:30

Updated-16 Sep, 2024 | 18:13

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198834.

Vendor-IBM Corporation

Product-jazz_reporting_service Jazz Reporting Service

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2024-32812

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.07% / 22.70%

7 Day CHG~0.00%

Published-24 Apr, 2024 | 07:14

Updated-19 Mar, 2025 | 18:08

WordPress Podlove Podcast Publisher plugin <= 4.0.11 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11.

Vendor-podlove Podlove podlove

Product-podlove_podcast_publisher Podlove Podcast Publisher podlove_podcast_publisher

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2023-4651

Credits

Server-Side Request Forgery (SSRF) in instantsoft/icms2

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs