How severe is CVE-2023-46124?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2023-46124?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2023-46124 - HIGH Severity | CVSS 7.2

Vulnerability Description

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems and exfiltrate data outside the environment (also known as a Server-Side Request Forgery). The application does not perform proper validation to block attempts to connect to internal (including localhost) resources. The vulnerability has been patched in Fides version `2.22.1`.

Related Vulnerabilities

CVE-2015-7570

HIGH

CVSS:7.2(High)

Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_...

CWE-9182015

CVE-2017-14585

HIGH

CVSS:7.2(High)

A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 ...

CWE-9182017

CVE-2017-18096

HIGH

CVSS:7.2(High)

The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the...

CWE-9182017

CVE-2018-13790

HIGH

CVSS:7.2(High)

A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL f...

CWE-9182018

CVE-2018-20499

HIGH

CVSS:7.2(High)

An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.

CWE-9182018

CVE-2019-19999

HIGH

CVSS:7.2(High)

Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.

CWE-9182019