CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,758 vulnerabilities with CWE-918
CVE | Severity | CVSS | Affected product - Description
CVE-2018-19571 | HIGH | CVSS 7.7 | GitLab CE/EE < 11.3.11-11.5.1 - SSRF
CVE-2018-19495 | MEDIUM | CVSS 6.5 | GitLab < 11.3.11, 11.4.x < 11.4.8, 11.5.x < 11.5.1 - Server-Side Request Forgery via Prometheus Integration
CVE-2018-17198 | CRITICAL | CVSS 9.8 | Apache Roller < 5.1.2 - Server-Side Request Forgery via XML-RPC External Entity Processing
CVE-2018-13103 | MEDIUM | CVSS 5.4 | Open-xchange Appsuite < 7.8.4 - SSRF
CVE-2018-13404 | MEDIUM | CVSS 4.1 | Atlassian Jira < 7.6.10 - SSRF
CVE-2018-18569 | HIGH | CVSS 8.6 | Dundas BI < 5.0.1.1010 - Server-Side Request Forgery via Dashboard Export Image Feature
CVE-2018-15657 | HIGH | CVSS 7.3 | 42gears SureMDM < 2018-11-27 - Server-Side Request Forgery via DownloadUrlResponse.ashx URL Parameter
CVE-2018-15517 | HIGH | CVSS 8.6 | D-Link Central WiFiManager CWM-100 1.03 r0098 - Server-Side Request Forgery via MailConnect Feature
CVE-2018-15516 | MEDIUM | CVSS 5.8 | D-Link Central WiFiManager CWM-100 1.03 r0098 - Server-Side Request Forgery via FTP PORT Command
CVE-2018-12609 | MEDIUM | CVSS 6.5 | OX App Suite < 7.8.4 - Server-Side Request Forgery
CVE-2018-1000422 | MEDIUM | CVSS 6.5 | Jenkins Crowd 2 Integration Plugin < 2.0.0 - Server-Side Request Forgery via Connection Test
CVE-2018-1000421 | MEDIUM | CVSS 6.5 | Jenkins Mesos Plugin < 0.17.1 - Auth Bypass
CVE-2018-19601 | CRITICAL | CVSS 9.1 | Rhymix CMS 1.9.8.1 - Server-Side Request Forgery via SVG Upload
CVE-2018-14721 | CRITICAL | CVSS 10.0 | FasterXML jackson-databind < 2.9.7 - SSRF
CVE-2018-20596 | CRITICAL | CVSS 9.8 | Jspxcms v9.0.0 - Server-Side Request Forgery
CVE-2018-20528 | MEDIUM | CVSS 6.5 | JEECMS 9 - Server-Side Request Forgery via UEditor Remote Image Upload
CVE-2018-20436 | HIGH | CVSS 8.1 | Telegram 4.9.1 and Web 0.7.0 - Server-Side Request Forgery via URL Preview in Secret Chat
CVE-2018-20228 | HIGH | CVSS 8.0 | Subsonic 6.1.5 - Server-Side Request Forgery via Internet Radio Stream URL Parameter
CVE-2018-18843 | CRITICAL | CVSS 10.0 | GitLab 11.0.0-11.2.8 - Server-Side Request Forgery via Kubernetes Integration
CVE-2018-18646 | HIGH | CVSS 8.8 | GitLab 5.3-11.2.6, 11.3.x < 11.3.8, 11.4.x < 11.4.3 - Server-Side Request Forgery
CVE-2018-19651 | MEDIUM | CVSS 6.5 | Interspire Email Marketer < 6.1.6 - SSRF
CVE-2018-19047 | CRITICAL | CVSS 10.0 | mPDF < 7.1.6 - Server-Side Request Forgery via HTML Image Tag
CVE-2018-18867 | HIGH | CVSS 8.6 | tecrail Responsive FileManager 9.13.4 - Server-Side Request Forgery via Upload URL Parameter
CVE-2018-18753 | CRITICAL | CVSS 9.8 | Typecho V1.1 - Server-Side Request Forgery via Base64-Encoded Serialized Data
CVE-2018-16793 | HIGH | CVSS 8.6 | Microsoft Exchange Server < 2010 SP3 - SSRF