CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,758 vulnerabilities with CWE-918
CVE-2019-7652 HIGH
TheHive Project UnshortenLink analyzer <1.1 - SSRF
CVSS 7.7
CVE-2019-11767 MEDIUM
phpBB < 3.2.6 - Server-Side Request Forgery via Remote Avatar Upload
CVSS 5.8
CVE-2019-0227 HIGH
Apache Axis 1.4 - Server-Side Request Forgery
CVSS 7.5
CVE-2019-9621 HIGH KEV
Zimbra Collaboration Suite <8.6-8.8 - SSRF
CVSS 7.5
CVE-2019-11565 CRITICAL
Print My Blog < 1.6.7 - Server-Side Request Forgery via Site Parameter
CVSS 9.8
CVE-2019-9174 CRITICAL
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Server-Side Request Forgery
CVSS 10.0
CVE-2019-4203 CRITICAL
IBM API Connect 5.0.0.0-5.0.8.6 - Server-Side Request Forgery via Developer Portal
CVSS 9.8
CVE-2019-10686 CRITICAL
Ctrip Apollo through 1.4.0-SNAPSHOT - Server-Side Request Forgery via /system-info/health Endpoint
CVSS 10.0
CVE-2019-3395 CRITICAL
Atlassian Confluence <6.6.12, 6.13.0-6.13.3 - Server-Side Request Forgery via WebDAV Endpoint
CVSS 9.8
CVE-2019-3809 MEDIUM
Moodle 3.1.0-3.1.15 - Server-Side Request Forgery via MyBackpack Badge URL
CVSS 6.5
CVE-2019-6970 HIGH
Moodle 3.5.0-3.5.3 - Server-Side Request Forgery
CVSS 7.5
CVE-2019-8982 CRITICAL
WaveMaker Studio 6.6 - Server-Side Request Forgery via studioService.download inUrl Parameter
CVSS 9.6
CVE-2019-1003028 MEDIUM
Jenkins JMS Messaging Plugin <1.1.1 - SSRF
CVSS 4.3
CVE-2019-1003027 MEDIUM
Jenkins OctopusDeploy Plugin <1.8.1 - SSRF
CVSS 4.3
CVE-2019-1003026 MEDIUM
Jenkins Mattermost Notification Plugin <2.6.2 - SSRF
CVSS 4.3
CVE-2019-1679 MEDIUM
Cisco TelePresence VCS < X12.5 & Conductor < XC4.3.4 - Authenticated SSRF via REST API
CVSS 5.0
CVE-2019-1003020 MEDIUM
Jenkins Kanboard Plugin <1.5.10 - SSRF
CVSS 4.3
CVE-2019-6257 HIGH
elFinder < 2.1.46 - Server-Side Request Forgery via get_remote_contents()
CVSS 7.7
CVE-2019-5725 HIGH
qibosoft < 7.0 - Server-Side Request Forgery via member/index.php main parameter
CVSS 7.5
CVE-2019-3905 CRITICAL
ManageEngine ADSelfService Plus 5.x < 5703 - Server-Side Request Forgery
CVSS 10.0
CVE-2018-17452 CRITICAL
GitLab <11.1.7, <11.2.4, <11.3.1 - SSRF
CVSS 9.8
CVE-2018-17450 MEDIUM
GitLab <11.1.7, <11.2.4, <11.3.1 - SSRF
CVSS 4.3
CVE-2018-25031 MEDIUM
Swagger UI < 4.1.3 - Server-Side Request Forgery via OpenAPI Definition URL
CVSS 4.3
CVE-2018-20499 HIGH
GitLab 11.x < 11.4.13, 11.5.x < 11.5.6, 11.6.x < 11.6.1 - Server-Side Request Forgery
CVSS 7.2
CVE-2018-20497 MEDIUM
GitLab < 11.4.13, 11.5.x < 11.5.6, 11.6.x < 11.6.1 - Server-Side Request Forgery
CVSS 5.0