CVE-2020-11452

MEDIUM Year: 2020
CVSS v3 Score
4.3
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the local system using the file:// stream wrapper.

Related Vulnerabilities

CVE-2017-15029

MEDIUM
CVSS:4.3(Medium)

Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.

CWE-9182017

CVE-2017-18036

MEDIUM
CVSS:4.3(Medium)

The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Requ...

CWE-9182017

CVE-2018-1000185

MEDIUM
CVSS:4.3(Medium)

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET...

CWE-9182018

CVE-2018-17450

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integra...

CWE-9182018

CVE-2018-1999039

MEDIUM
CVSS:4.3(Medium)

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an att...

CWE-9182018

CVE-2019-1003020

MEDIUM
CVSS:4.3(Medium)

A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET ...

CWE-9182019