Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-25	CVE-2019-3395	Server-Side Request Forgery (SSRF) vulnerability in Atlassian Confluence The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery. network low complexity atlassian CWE-918 critical	9.8
2019-03-25	CVE-2019-3809	Server-Side Request Forgery (SSRF) vulnerability in Moodle A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. network low complexity moodle CWE-918 critical	10.0
2019-03-21	CVE-2019-6970	Server-Side Request Forgery (SSRF) vulnerability in Moodle Moodle 3.5.x before 3.5.4 allows SSRF. network high complexity moodle CWE-918	7.5
2019-03-21	CVE-2018-13103	Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite OX App Suite 7.8.4 and earlier allows SSRF. network low complexity open-xchange CWE-918	5.4
2019-03-08	CVE-2017-3164	Server-Side Request Forgery (SSRF) vulnerability in Apache Solr Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). network low complexity apache CWE-918	7.5
2019-02-21	CVE-2019-8982	Server-Side Request Forgery (SSRF) vulnerability in Wavemaker Wavemarker Studio 6.6 com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF. network low complexity wavemaker CWE-918 critical	9.6
2019-02-20	CVE-2019-1003028	Server-Side Request Forgery (SSRF) vulnerability in Jenkins JMS Messaging A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint. network low complexity jenkins CWE-918	4.3
2019-02-20	CVE-2019-1003027	Server-Side Request Forgery (SSRF) vulnerability in Jenkins Octopusdeploy A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception error message otherwise. network low complexity jenkins CWE-918	4.3
2019-02-20	CVE-2019-1003026	Server-Side Request Forgery (SSRF) vulnerability in Jenkins Mattermost A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message. network low complexity jenkins CWE-918	4.3
2019-02-13	CVE-2018-13404	Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability. network low complexity atlassian CWE-918	4.1