Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE CVE VULNERABILITY TITLE RISK
2019-03-08 CVE-2017-3164 Server-Side Request Forgery (SSRF) vulnerability in Apache Solr
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive).
network
low complexity
apache CWE-918
7.5
2019-02-21 CVE-2019-8982 Server-Side Request Forgery (SSRF) vulnerability in Wavemaker Wavemarker Studio 6.6
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.
network
low complexity
wavemaker CWE-918
critical
9.6
2019-02-20 CVE-2019-1003028 Server-Side Request Forgery (SSRF) vulnerability in Jenkins JMS Messaging
A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint.
network
low complexity
jenkins CWE-918
4.3
2019-02-20 CVE-2019-1003027 Server-Side Request Forgery (SSRF) vulnerability in Jenkins Octopusdeploy
A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception error message otherwise.
network
low complexity
jenkins CWE-918
4.3
2019-02-20 CVE-2019-1003026 Server-Side Request Forgery (SSRF) vulnerability in Jenkins Mattermost
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message.
network
low complexity
jenkins CWE-918
4.3
2019-02-13 CVE-2018-13404 Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability.
network
low complexity
atlassian CWE-918
4.1
2019-02-11 CVE-2018-18569 Server-Side Request Forgery (SSRF) vulnerability in Dundas BI 5.0.1.1010
The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests (with certain restrictions) that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature.
network
low complexity
dundas CWE-918
8.6
2019-02-07 CVE-2019-1679 Server-Side Request Forgery (SSRF) vulnerability in Cisco Telepresence Video Communication Server
A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host.
network
low complexity
cisco CWE-918
5.0
2019-02-06 CVE-2019-1003020 Server-Side Request Forgery (SSRF) vulnerability in Jenkins Kanboard
A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL.
network
low complexity
jenkins CWE-918
4.3
2019-02-05 CVE-2018-15657 Server-Side Request Forgery (SSRF) vulnerability in 42Gears Suremdm 6.31/6.34/6.35
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter.
local
low complexity
42gears CWE-918
7.3