Vulnerabilities > Server-Side Request Forgery (SSRF)

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2018-06-26 | CVE-2018-1000553 | Server-Side Request Forgery (SSRF) vulnerability in Trovebox | Trovebox version <= 4.0.0-rc6 contains a server-side request forgery vulnerability in the webhook component that can result in reading or updating internal resources. | network, low complexity, trovebox, CWE-918 | 8.8 |
| 2018-06-22 | CVE-2018-12678 | Server-Side Request Forgery (SSRF) vulnerability in Portainer | Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. | network, low complexity, portainer, CWE-918 | critical 9.8 |
| 2018-06-16 | CVE-2018-5752 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite | The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses. | network, low complexity, open-xchange, CWE-918 | 8.8 |
| 2018-06-05 | CVE-2018-11586 | Server-Side Request Forgery (SSRF) vulnerability in Searchblox 8.6.7 | XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | network, low complexity, searchblox, CWE-918 | critical 9.8 |
| 2018-06-05 | CVE-2018-1000188 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins CAS | A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | network, low complexity, jenkins, CWE-918 | 5.4 |
| 2018-06-05 | CVE-2018-1000185 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Github Branch Source | A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | network, low complexity, jenkins, CWE-918 | 4.3 |
| 2018-06-05 | CVE-2018-1000184 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Github | A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | network, low complexity, jenkins, CWE-918 | 5.4 |
| 2018-06-05 | CVE-2018-1000182 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins GIT | A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | network, low complexity, jenkins, CWE-918 | 6.4 |
| 2018-05-24 | CVE-2018-9920 | Server-Side Request Forgery (SSRF) vulnerability in K2 Smartforms 4.6.11 | Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL. | network, low complexity, k2, CWE-918 | 6.5 |
| 2018-05-14 | CVE-2018-11031 | Server-Side Request Forgery (SSRF) vulnerability in Gouguoyin PHPrap | application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request. | network, low complexity, gouguoyin, CWE-918 | critical 9.8 |