CVE-2023-45152

LOW Year: 2023
CVSS v3 Score
2.3
Low
Weakness Type
CWE-918
View all →

Vulnerability Description

Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that no HTTP(s) services listen on localhost and/or systems only reachable from the host running the engelsystem software. If such services are necessary, they should utilize additional authentication.

Related Vulnerabilities

CVE-2023-4624

LOW
CVSS:2.4(Low)

Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08.

CWE-9182023

CVE-2024-42182

LOW
CVSS:2.5(Low)

BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost.

CWE-9182024

CVE-2023-6195

LOW
CVSS:2.6(Low)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulne...

CWE-9182023

CVE-2021-22033

LOW
CVSS:2.7(Low)

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.

CWE-9182021

CVE-2021-24371

LOW
CVSS:2.7(Low)

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's...

CWE-9182021

CVE-2021-25939

LOW
CVSS:2.7(Low)

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests per...

CWE-9182021