CVE-2023-25195

Severity
8.1 HIGH
EPSS
0.2%
top 62.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Mar 28

Description

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to the server and may be able to use the server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 | Impact: 5.2

Affected Packages (2 packages)

NVD: apache/fineract, 1.4.0 to 1.8.3

🔴 Vulnerability Details (2)
GHSA
GHSA-c856-8gm2-wg44: Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract (2023-03-28)
CVEList
Apache Fineract: SSRF template type vulnerability in certain authenticated users (2023-03-28)