Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-20 | CVE-2019-1003027 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Octopusdeploy A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception error message otherwise. | 4.3 |
| 2019-02-20 | CVE-2019-1003026 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Mattermost A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message. | 4.3 |
| 2019-02-13 | CVE-2018-13404 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability. | 4.1 |
| 2019-02-11 | CVE-2018-18569 | Server-Side Request Forgery (SSRF) vulnerability in Dundas BI 5.0.1.1010 The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests (with certain restrictions) that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. | 8.6 |
| 2019-02-07 | CVE-2019-1679 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. | 5.0 |
| 2019-02-06 | CVE-2019-1003020 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Kanboard A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL. | 4.3 |
| 2019-02-05 | CVE-2018-15657 | Server-Side Request Forgery (SSRF) vulnerability in 42Gears Suremdm 6.31/6.34/6.35 An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter. | 7.3 |
| 2019-01-31 | CVE-2018-15517 | Server-Side Request Forgery (SSRF) vulnerability in Dlink Central Wifimanager 1.03 The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. | 8.6 |
| 2019-01-31 | CVE-2018-15516 | Server-Side Request Forgery (SSRF) vulnerability in Dlink Central Wifimanager 1.03 The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF. | 5.8 |
| 2019-01-30 | CVE-2018-12609 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. | 6.5 |