Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-441

CWE-441

Unintended Proxy or Intermediary ('Confused Deputy')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

92 vulnerabilities with CWE-441

CVE-2022-39361 HIGH

Metabase 0.41.0-0.41.8 - Remote Code Execution via H2 Database DDL Statements

CVE-2022-39349 MEDIUM

Tasks.org < 12.7.1 - Unintended Proxy via ShareLinkActivity File Path Handling

CVE-2021-20042 CRITICAL

SonicWall SMA 100 - Unauthenticated Proxy Bypass

CVE-2021-25740 LOW

Kubernetes - Confused Deputy Network Access

CVE-2021-32783 HIGH

Contour < 1.17.1 and >= 0 < 1.14.2 - Unauthenticated Denial of Service via ExternalName Service

CVE-2021-32773 MEDIUM

Racket < 8.2 - Unintended Proxy or Intermediary via Sandbox Module Dependency Confusion

CVE-2020-8561 MEDIUM

Kubernetes API Server - Server-Side Request Forgery via Webhook Response Redirects

CVE-2020-26262 HIGH

coturn < 4.5.2 - Unintended Proxy Access via Loopback Address Bypass

CVE-2020-5412 MEDIUM

Spring Cloud Netflix <2.2.4-2.1.6 - SSRF

CVE-2019-3996 MEDIUM

elog < 3.1.4-57bea22 - Unauthenticated HTTP Request Smuggling via Crafted POST Requests

CVE-2019-1841 MEDIUM

Cisco Catalyst Center < 1.2.5 - Authenticated Unintended Proxy Access via HTTP Request

CVE-2019-3924 HIGH

MikroTik RouterOS <6.43.12-6.42.12 - RCE

CVE-2018-12182 MEDIUM

EDK II - Privilege Escalation/Info Disclosure/Denial of Service

CVE-2018-16598 MEDIUM

AWS FreeRTOS <10.0.1 - Info Disclosure

CVE-2018-1999038 MEDIUM

Jenkins Publisher Over CIFS Plugin <0.10 - Confused Deputy

CVE-2015-10003 MEDIUM

FileZilla Server <0.9.50 - Info Disclosure

CVE-2015-2947 CRITICAL

KanColleViewer <3.8.1 - Open Redirect

Previous Page 4 of 4

Details

Vulnerabilities 92

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy