Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-06-05 | CVE-2018-1000185 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Github Branch Source | A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | 4.3 |
2018-06-05 | CVE-2018-1000184 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Github | A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | 5.4 |
2018-06-05 | CVE-2018-1000182 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins GIT | A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | 6.4 |
2018-05-24 | CVE-2018-9920 | Server-Side Request Forgery (SSRF) vulnerability in K2 Smartforms 4.6.11 | Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL. | 6.5 |
2018-05-14 | CVE-2018-11031 | Server-Side Request Forgery (SSRF) vulnerability in Gouguoyin PHPrap | application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request. | 9.8 |
2018-05-02 | CVE-2018-9919 | Server-Side Request Forgery (SSRF) vulnerability in Tp-Shop 2.0.5/2.0.8 | A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php writes data from the "down_url" URL into the "bddlj" local file if the attacker knows the backdoor "jmmy" parameter. | 9.8 |
2018-05-02 | CVE-2018-9302 | Server-Side Request Forgery (SSRF) vulnerability in Getcockpit Cockpit | SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. | 9.1 |
2018-05-01 | CVE-2018-8939 | Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold | An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). | 9.8 |
2018-04-25 | CVE-2018-8801 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab | GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component. | 6.5 |
2018-04-20 | CVE-2018-10174 | Server-Side Request Forgery (SSRF) vulnerability in Digitalguardian Management Console 7.1.2.0015 | Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. | 6.5 |