CVE-2024-42182

LOW Year: 2024
CVSS v3 Score
2.5
Low
Weakness Type
CWE-918
View all →

Vulnerability Description

BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost.

Related Vulnerabilities

CVE-2023-4624

LOW
CVSS:2.4(Low)

Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08.

CWE-9182023

CVE-2023-6195

LOW
CVSS:2.6(Low)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulne...

CWE-9182023

CVE-2021-22033

LOW
CVSS:2.7(Low)

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.

CWE-9182021

CVE-2021-24371

LOW
CVSS:2.7(Low)

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's...

CWE-9182021

CVE-2021-25939

LOW
CVSS:2.7(Low)

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests per...

CWE-9182021

CVE-2021-40537

LOW
CVSS:2.7(Low)

Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation.

CWE-9182021