CVE-2023-24060

MEDIUM Year: 2023
CVSS v3 Score
5.0
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname (or even the hostname of the Haven server itself). NOTE: this product has significant usage but does not have numbered releases; ordinary end users may typically use the master branch.

Related Vulnerabilities

CVE-2018-20497

MEDIUM
CVSS:5.0(Medium)

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.

CWE-9182018

CVE-2019-1679

MEDIUM
CVSS:5.0(Medium)

A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote att...

CWE-9182019

CVE-2020-12644

MEDIUM
CVSS:5.0(Medium)

OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.

CWE-9182020

CVE-2020-15002

MEDIUM
CVSS:5.0(Medium)

OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API.

CWE-9182020

CVE-2020-36232

MEDIUM
CVSS:5.0(Medium)

The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5...

CWE-9182020