Vulnerabilities > CVE-2023-27159 - Server-Side Request Forgery (SSRF) vulnerability in Appwrite

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
appwrite
CWE-918
NVD
Published: 2023-03-31
Updated: 2023-04-08

Summary

Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.

Vulnerable Configurations

Part Description Count
Application
Appwrite
56

Common Weakness Enumeration (CWE)

References