CVE-2024-8977

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-918
View all →

Vulnerability Description

An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks.

Related Vulnerabilities

CVE-2017-16870

HIGH
CVSS:8.1(High)

The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that ...

CWE-9182017

CVE-2017-6201

HIGH
CVSS:8.1(High)

A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access contr...

CWE-9182017

CVE-2018-20436

HIGH
CVSS:8.1(High)

The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent...

CWE-9182018

CVE-2020-21649

HIGH
CVSS:8.1(High)

Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method.

CWE-9182020

CVE-2020-22983

HIGH
CVSS:8.1(High)

A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via ...

CWE-9182020

CVE-2020-8134

HIGH
CVSS:8.1(High)

Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems.

CWE-9182020