Description
Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability in the /jobs and /artifact/download components. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
References (3)
Core References
Exploit, Third Party Advisory
https://gist.github.com/b33t1e/2a2dc17cf36cd741b2c99425c892d826
Exploit, Issue Tracking, Third Party Advisory
https://github.com/orgs/microcks/discussions/892
Scores
CVSS v3
9.8
EPSS
0.0026
EPSS Percentile
49.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-918
Status
published
Products (2)
io.github.microcks/microcks
0 - 1.17.1 (Maven)
microcks/microcks
< 1.17.1
Published
Dec 04, 2023
Tracked Since
Feb 18, 2026