CVE-2024-5186

HIGH Year: 2024
CVSS v3 Score
8.3
High
Weakness Type
CWE-918
View all →

Vulnerability Description

A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information. Specifically, by manipulating the 'path' parameter in a file upload request, an attacker can cause the application to make arbitrary requests to internal services, including the AWS metadata endpoint. This issue could lead to the exposure of internal servers and sensitive data.

Related Vulnerabilities

CVE-2012-10018

HIGH
CVSS:8.3(High)

The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively. This makes it possible for attackers to forgery...

CWE-9182012

CVE-2020-10252

HIGH
CVSS:8.3(High)

An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (ak...

CWE-9182020

CVE-2020-24139

HIGH
CVSS:8.3(High)

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify ...

CWE-9182020

CVE-2020-24140

HIGH
CVSS:8.3(High)

Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identif...

CWE-9182020

CVE-2022-1285

HIGH
CVSS:8.3(High)

Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.

CWE-9182022

CVE-2023-3188

HIGH
CVSS:8.3(High)

Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0.

CWE-9182023