CVE-2023-31456

MEDIUM

Fluid Topics < 4.3 - Authenticated Server-Side Request Forgery

Title source: llm

Description

There is an SSRF vulnerability in the Fluid Topics platform that affects versions prior to 4.3, where the server can be forced to make arbitrary requests to internal and external resources by an authenticated user.

References (2)

Core 2

Core References

Various Sources

https://antidot.net/blog/

Various Sources

https://doc.fluidtopics.com/r/Fluid-Topics-Release-Notes/June-10th-2024

Scores

CVSS v3 5.4

EPSS 0.0021

EPSS Percentile 11.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Published Jul 16, 2024

Tracked Since Feb 18, 2026