Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-06-16 | CVE-2018-5752 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite | The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses. | 8.8 |
2018-06-05 | CVE-2018-11586 | Server-Side Request Forgery (SSRF) vulnerability in Searchblox 8.6.7 | XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 9.8 |
2018-06-05 | CVE-2018-1000188 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins CAS | A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | 5.4 |
2018-06-05 | CVE-2018-1000185 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Github Branch Source | A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | 4.3 |
2018-06-05 | CVE-2018-1000184 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Github | A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | 5.4 |
2018-06-05 | CVE-2018-1000182 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins GIT | A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | 6.4 |
2018-05-24 | CVE-2018-9920 | Server-Side Request Forgery (SSRF) vulnerability in K2 Smartforms 4.6.11 | Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL. | 6.5 |
2018-05-14 | CVE-2018-11031 | Server-Side Request Forgery (SSRF) vulnerability in Gouguoyin PHPrap | application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request. | 9.8 |
2018-05-02 | CVE-2018-9919 | Server-Side Request Forgery (SSRF) vulnerability in Tp-Shop 2.0.5/2.0.8 | A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php writes data from the "down_url" URL into the "bddlj" local file if the attacker knows the backdoor "jmmy" parameter. | 9.8 |
2018-05-02 | CVE-2018-9302 | Server-Side Request Forgery (SSRF) vulnerability in Getcockpit Cockpit | SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. | 9.1 |