Total
1417 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10220 | 1 Mushmush | 1 Glastopf | 2024-11-21 | N/A |
| Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation | ||||
| CVE-2018-10174 | 1 Digitalguardian | 1 Management Console | 2024-11-21 | N/A |
| Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role. | ||||
| CVE-2018-1000606 | 1 Jenkins | 1 Urltrigger | 2024-11-21 | N/A |
| A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | ||||
| CVE-2018-1000553 | 1 Trovebox | 1 Trovebox | 2024-11-21 | N/A |
| Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook component that can result in read or update internal resources. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed. | ||||
| CVE-2018-1000422 | 1 Atlassian | 1 Crowd2 | 2024-11-21 | N/A |
| An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings. | ||||
| CVE-2018-1000421 | 1 Apache | 1 Mesos | 2024-11-21 | N/A |
| An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2018-1000188 | 1 Jenkins | 1 Cas | 2024-11-21 | N/A |
| A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | ||||
| CVE-2018-1000185 | 1 Jenkins | 1 Github Branch Source | 2024-11-21 | N/A |
| A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | ||||
| CVE-2018-1000184 | 1 Jenkins | 1 Github | 2024-11-21 | N/A |
| A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | ||||
| CVE-2018-1000182 | 1 Jenkins | 1 Git | 2024-11-21 | N/A |
| A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | ||||
| CVE-2018-1000138 | 1 I-librarian | 1 I Librarian | 2024-11-21 | N/A |
| I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources. | ||||
| CVE-2018-1000124 | 1 I-librarian | 1 I\, Librarian | 2024-11-21 | N/A |
| I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea. | ||||
| CVE-2018-1000067 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-11-21 | 5.3 Medium |
| An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response. | ||||
| CVE-2018-1000056 | 1 Jenkins | 1 Junit | 2024-11-21 | N/A |
| Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | ||||
| CVE-2018-1000055 | 1 Jenkins | 1 Android Lint | 2024-11-21 | N/A |
| Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | ||||
| CVE-2018-1000054 | 1 Jenkins | 1 Ccm | 2024-11-21 | N/A |
| Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | ||||
| CVE-2017-9506 | 1 Atlassian | 1 Oauth | 2024-11-21 | N/A |
| The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). | ||||
| CVE-2017-9458 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
| XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors. | ||||
| CVE-2017-9355 | 1 Subsonic | 1 Subsonic | 2024-11-21 | N/A |
| XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file. | ||||
| CVE-2017-9307 | 1 Allen Disk Project | 1 Allen Disk | 2024-11-21 | N/A |
| SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. | ||||