exploitDog

GHSA-mffv-q36c-x853

Опубликовано: 13 янв. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy.

A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy.

Ссылки

EPSS

Процентиль: 86%

0.02868

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-918

Связанные уязвимости

CVE-2022-25026

CVSS3: 7.5

nvd

около 3 лет назад

A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy.

EPSS

Процентиль: 86%

0.02868

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-918