CVE-2023-42812

MEDIUM Year: 2023
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue.

Related Vulnerabilities

CVE-2017-15029

MEDIUM
CVSS:4.3(Medium)

Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.

CWE-9182017

CVE-2017-18036

MEDIUM
CVSS:4.3(Medium)

The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Requ...

CWE-9182017

CVE-2018-1000185

MEDIUM
CVSS:4.3(Medium)

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET...

CWE-9182018

CVE-2018-17450

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integra...

CWE-9182018

CVE-2018-1999039

MEDIUM
CVSS:4.3(Medium)

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an att...

CWE-9182018

CVE-2019-1003020

MEDIUM
CVSS:4.3(Medium)

A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET ...

CWE-9182019