CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
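The weakness is a missing check on the destination before the server opens the connection. The following is an added example (not text or code from the CWE entry or from any product listed below) of the check a fetching component should apply: only http/https, no userinfo, resolve the host with the same resolver the fetch will use, reject every candidate address that falls in loopback, private, link-local (where cloud metadata endpoints sit), multicast or reserved space, and unwrap IPv4-mapped IPv6 literals so that `::ffff:127.0.0.1` is judged as 127.0.0.1, which is the kind of address-validation gap the Bitwarden entry below names in its title. The hostnames and DNS answers in `FAKE_DNS` are constructed so the example runs offline; `system_resolver` is what a deployment would pass instead.

```python
"""Vet a user-supplied URL before a server-side component fetches it (CWE-918)."""
import ipaddress
import socket
from urllib.parse import urlsplit

# Destinations a server-side fetcher must refuse: the unspecified address,
# loopback, RFC 1918 and carrier-NAT space, link-local (169.254.169.254 is
# the usual cloud metadata endpoint), multicast/reserved, and the IPv6
# equivalents. Extend this list for your own routable internal ranges.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]
ALLOWED_SCHEMES = {"http", "https"}


def is_blocked_address(ip):
    """True if `ip` lies in a range the fetcher must not reach."""
    # Unwrap IPv4-mapped IPv6 (e.g. ::ffff:127.0.0.1) so the IPv4 ranges
    # above apply to it; a check that only inspects the IPv6 form misses it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def system_resolver(host):
    """Production resolver: every address getaddrinfo returns for the name."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def vet_fetch_target(url, resolve=system_resolver):
    """Decide whether the server may fetch `url`.

    Returns (True, pinned_ip) or (False, reason). The caller must connect to
    `pinned_ip` (sending the original Host header) instead of resolving the
    name a second time, otherwise a DNS answer that changes between check and
    connect (rebinding) defeats the check. Re-run this on every redirect hop.
    """
    try:
        parts = urlsplit(url)
    except ValueError as exc:  # e.g. a malformed bracketed IPv6 literal
        return False, "unparseable URL: %s" % exc
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme %r not allowed" % parts.scheme
    if parts.username is not None or parts.password is not None:
        # Defensive choice: http://trusted.example@127.0.0.1/ is split
        # differently by different URL parsers, so refuse userinfo outright.
        return False, "userinfo not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        candidates = [ipaddress.ip_address(host)]
    except ValueError:
        # Not an IP literal: resolve with the resolver the fetch itself uses.
        # Do not hand-normalise shorthand such as 127.1 or 0x7f000001; let the
        # resolver expand it and judge every address it returns.
        try:
            candidates = [ipaddress.ip_address(a) for a in resolve(host)]
        except (OSError, ValueError) as exc:
            return False, "resolution failed: %s" % exc
    if not candidates:
        return False, "host did not resolve"
    # A name resolving to a mix of public and internal addresses is rejected:
    # the fetcher cannot control which answer the HTTP client would pick.
    for ip in candidates:
        if is_blocked_address(ip):
            return False, "destination %s is not allowed" % ip
    return True, str(candidates[0])


# Constructed DNS answers so the example runs offline (not real records).
FAKE_DNS = {
    "files.example": ["203.0.113.10"],
    "localhost": ["127.0.0.1", "::1"],
    "wiki.corp.internal": ["10.20.30.40"],
    "rebind.attacker.example": ["203.0.113.10", "127.0.0.1"],
}


def fake_resolver(host):
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for candidate in (
        "https://files.example:8443/report.pdf",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:127.0.0.1]/",
        "http://localhost:8080/admin",
        "http://rebind.attacker.example/",
        "http://files.example@127.0.0.1/",
    ):
        print(candidate, "->", vet_fetch_target(candidate, fake_resolver))
```

The check returns the address it approved so the fetch can be pinned to it; validating the name and then letting the HTTP library resolve it again leaves the rebinding window open, and following redirects without re-vetting each hop reopens the hole behind the first check.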

2,758 vulnerabilities with CWE-918
CVE             Severity  CVSS  Affected software - issue
CVE-2020-4632   MEDIUM    6.5   IBM InfoSphere Metadata Asset Manager 11.7 - Authenticated Server-Side Request Forgery
CVE-2020-12644  MEDIUM    5.0   OX App Suite <=7.10.3 - Server-Side Request Forgery via Mail and Folder APIs
CVE-2020-24898  HIGH      7.6   Confluence Server < 5.3.26 - SSRF via Table from CSV Macro URL Parameter
CVE-2020-9298   HIGH      7.5   Spinnaker orca < 8.7.0 - Server-Side Request Forgery via Template Resolution
CVE-2020-24548  MEDIUM    5.3   Ericom Access Server 9.2.0 - Server-Side Request Forgery via WebSocket Connection
CVE-2020-17386  MEDIUM    6.5   Cellopoint CelloOS v4.1.10 Build 20190922 - Server-Side Request Forgery via URL Parameter
CVE-2020-14044  HIGH      7.2   Codiad 1.7.8 - Admin Server-Side Request Forgery via Plugin Installer
CVE-2020-5775   MEDIUM    5.8   Canvas LMS 2020-07-29 - Unauthenticated Server-Side Request Forgery
CVE-2020-15152  CRITICAL  9.1   ftp-srv <2.19.6/3.1.2/4.3.4 - Server-Side Request Forgery via PORT Command
CVE-2020-8226   MEDIUM    5.8   phpBB <3.2.10 and <3.3.1 - Server-Side Request Forgery via Remote Image Dimensions Check
CVE-2020-13286  MEDIUM    6.4   GitLab 12.7.0-13.0.11 - Server-Side Request Forgery via Git Configuration Settings
CVE-2020-14296  HIGH      7.1   Red Hat CloudForms 4.7 and 5 - Server-Side Request Forgery via Ansible Tower Provider
CVE-2020-13295  MEDIUM    5.4   GitLab Runner <13.0.12-13.2.3 - SSRF
CVE-2020-16248  MEDIUM    5.8   Prometheus Blackbox Exporter < 0.17.0 - Server-Side Request Forgery via Probe Target Parameter
CVE-2020-15823  HIGH      7.5   JetBrains YouTrack < 2020.2.8873 - Server-Side Request Forgery in Workflow Component
CVE-2020-15819  MEDIUM    5.3   JetBrains YouTrack < 2020.2.10643 - Server-Side Request Forgery
CVE-2020-13970  HIGH      8.8   Shopware < 6.2.3 - Authenticated Server-Side Request Forgery via Mediabrowser Upload by URL
CVE-2020-15879  HIGH      7.5   Bitwarden Server 1.35.1 - Server-Side Request Forgery via IPv6 and IPv4 Address Validation Bypass
CVE-2020-8205   HIGH      7.5   uppy < 1.13.2 - Server-Side Request Forgery
CVE-2020-13788  MEDIUM    4.3   Harbor < 2.0.1 - Server-Side Request Forgery via Project Edit
CVE-2020-6282   MEDIUM    5.8   SAP NetWeaver AS JAVA 7.10-7.50 - Server-Side Request Forgery via IIOP Service
CVE-2020-14170  MEDIUM    4.3   Atlassian Bitbucket 5.4.0-7.3.0 - Server-Side Request Forgery via Webhooks
CVE-2020-14056  CRITICAL  9.8   Monsta FTP < 2.10.1 - Server-Side Request Forgery via Web Fetch Functionality
CVE-2020-13484  CRITICAL  9.8   Bitrix24 < 20.0.975 - Server-Side Request Forgery via URL Preview Ajax Endpoint
CVE-2020-8544   MEDIUM    6.5   OX App Suite <7.10.3 - Server-Side Request Forgery