CVE-2023-6195

LOW Year: 2023
CVSS v3 Score
2.6
Low
Weakness Type
CWE-918
View all →

Vulnerability Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image value when importing a GitHub repository.

Related Vulnerabilities

CVE-2021-22033

LOW
CVSS:2.7(Low)

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.

CWE-9182021

CVE-2021-24371

LOW
CVSS:2.7(Low)

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's...

CWE-9182021

CVE-2021-25939

LOW
CVSS:2.7(Low)

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests per...

CWE-9182021

CVE-2021-40537

LOW
CVSS:2.7(Low)

Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation.

CWE-9182021

CVE-2021-4075

LOW
CVSS:2.7(Low)

snipe-it is vulnerable to Server-Side Request Forgery (SSRF)

CWE-9182021

CVE-2022-2556

LOW
CVSS:2.7(Low)

The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body ...

CWE-9182022