CVE-2023-44313 — Server-Side Request Forgery in Apache Servicecomb-service-center

CWE-918 — Server-Side Request Forgery5 documents4 sources

Severity

7.5HIGHNVD

CNA7.6

EPSS

69.1%

top 1.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Apache Servicecomb-service-center Apache Servicecomb Apache Software Foundation Apache Servicecomb Service-center

Timeline

PublishedJan 31

Latest updateJun 28

Description

Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests.This issue affects Apache ServiceComb before 2.1.0(include). Users are recommended to upgrade to version 2.2.0, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Gogithub.com/apache_servicecomb-service-center< 2.2.0

▶CVEListV5apache_software_foundation/apache_servicecomb_service-center2.1.0

▶NVDapache/servicecomb< 2.2.0

🔴Vulnerability Details

OSV

Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in github.com/apache/servicecomb-service-center↗2024-06-28

▶

CVEList

Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API↗2024-01-31

▶

OSV

Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability↗2024-01-31

▶

GHSA

Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability↗2024-01-31

▶