Vulnerabilities > CVE-2023-48910 - Server-Side Request Forgery (SSRF) vulnerability in Microcks

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

microcks

CWE-918

critical

NVD

Published: 2023-12-04

Updated: 2024-11-21

Summary

Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.

Vulnerable Configurations

Part	Description	Count
Application	Microcks Microcks Microcks *	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://gist.github.com/b33t1e/2a2dc17cf36cd741b2c99425c892d826
https://gist.github.com/b33t1e/2a2dc17cf36cd741b2c99425c892d826
https://github.com/microcks/microcks
https://github.com/microcks/microcks
https://github.com/orgs/microcks/discussions/892
https://github.com/orgs/microcks/discussions/892