CVE-2023-44313
HIGH
Apache ServiceComb < 2.2.0 - Server-Side Request Forgery
Title source: llm
Description
Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb versions up to and including 2.1.0. Users are recommended to upgrade to version 2.2.0, which fixes the issue.
References (2)
Core References
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/01/31/4
Mailing List, Third Party Advisory vendor-advisory
https://lists.apache.org/thread/kxovd455o9h4f2v811hcov2qknbwld5r
Scores
CVSS v3
7.6
EPSS
0.6909
EPSS Percentile
98.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (2)
apache/servicecomb
< 2.2.0
apache/servicecomb-service-center
0 - 2.2.0
Go
Published
Jan 31, 2024
Tracked Since
Feb 18, 2026