Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-17 | CVE-2019-9174 | Server-Side Request Forgery (SSRF) vulnerability in GitLab: An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. | 10.0 |
2019-04-15 | CVE-2019-4203 | Server-Side Request Forgery (SSRF) vulnerability in IBM API Connect: IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. | 9.8 |
2019-04-01 | CVE-2019-10686 | Server-Side Request Forgery (SSRF) vulnerability in Ctrip Apollo: An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. | 10.0 |
2019-03-25 | CVE-2019-3395 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Confluence: The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery. | 9.8 |
2019-03-25 | CVE-2019-3809 | Server-Side Request Forgery (SSRF) vulnerability in Moodle: A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. | 10.0 |
2019-03-21 | CVE-2019-6970 | Server-Side Request Forgery (SSRF) vulnerability in Moodle: Moodle 3.5.x before 3.5.4 allows SSRF. | 7.5 |
2019-03-21 | CVE-2018-13103 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite: OX App Suite 7.8.4 and earlier allows SSRF. | 5.4 |
2019-03-08 | CVE-2017-3164 | Server-Side Request Forgery (SSRF) vulnerability in Apache Solr: Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). | 7.5 |
2019-02-21 | CVE-2019-8982 | Server-Side Request Forgery (SSRF) vulnerability in WaveMaker WaveMaker Studio 6.6: com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF. | 9.6 |
2019-02-20 | CVE-2019-1003028 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins JMS Messaging: A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint. | 4.3 |