CVE-2023-28633

MEDIUM Year: 2023
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery (SSRF). In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is triggered. This feature does not check safety or URLs. Versions 9.5.13 and 10.0.7 contain a patch for this issue.

Related Vulnerabilities

CVE-2018-1000184

MEDIUM
CVSS:5.4(Medium)

A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET re...

CWE-9182018

CVE-2018-1000188

MEDIUM
CVSS:5.4(Medium)

A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request ...

CWE-9182018

CVE-2020-24700

MEDIUM
CVSS:5.4(Medium)

OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.

CWE-9182020

CVE-2020-4786

MEDIUM
CVSS:5.4(Medium)

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unau...

CWE-9182020