Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-02-16 | CVE-2018-1000067 | Server-Side Request Forgery (SSRF) vulnerability in multiple products | An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response. | 5.3 |
2018-02-15 | CVE-2018-7055 | Server-Side Request Forgery (SSRF) vulnerability in Steelcase Roomwizard Firmware | GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter. | 7.5 |
2018-02-14 | CVE-2018-2370 | Server-Side Request Forgery (SSRF) vulnerability in SAP BI Launchpad 4.10/4.20/4.30 | Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server. | 5.3 |
2018-02-09 | CVE-2018-1000056 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Junit | Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 8.3 |
2018-02-09 | CVE-2018-1000055 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Android Lint | Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 8.3 |
2018-02-09 | CVE-2018-1000054 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins CCM | Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 8.3 |
2018-02-06 | CVE-2017-6201 | Server-Side Request Forgery (SSRF) vulnerability in Sandstorm | A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. | 8.1 |
2018-02-02 | CVE-2017-18036 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Bitbucket | The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability. | 4.3 |
2018-02-01 | CVE-2018-6186 | Server-Side Request Forgery (SSRF) vulnerability in Citrix Netscaler 12.0 | Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. | 8.8 |
2018-01-23 | CVE-2018-6029 | Server-Side Request Forgery (SSRF) vulnerability in 5None Nonecms 1.3.0 | The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whether the URL contains the "csdn" substring. | 7.5 |