Vulnerabilities > CVE-2023-24060 - Server-Side Request Forgery (SSRF) vulnerability in Havenweb Haven 5D15944

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

havenweb

CWE-918

NVD

Published: 2023-01-27

Updated: 2024-11-21

Summary

Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname (or even the hostname of the Haven server itself). NOTE: this product has significant usage but does not have numbered releases; ordinary end users may typically use the master branch.

Vulnerable Configurations

Part	Description	Count
Application	Havenweb Havenweb Haven 5D15944	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://github.com/havenweb/haven/issues/51
https://github.com/havenweb/haven/issues/51
https://havenweb.org/
https://havenweb.org/