CWE-918

Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.

An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394.

A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server’s internal environment and services, often potentially leading to the attacker executing commands on the server.

Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL.

An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document.

** DISPUTED ** Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor’s position is that the observed behavior is not a vulnerability, because the product’s design allows an admin to configure outbound requests.