oss-sec mailing list archives

CVE-2023-44313: Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API


From: "bismy" <bismy () qq com>
Date: Wed, 31 Jan 2024 15:49:54 +0800

Affected versions:

- Apache ServiceComb Service-Center through 2.1.0

Description:

Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive
server information through specially crafted requests. This issue affects Apache ServiceComb up to and including 2.1.0.

Users are recommended to upgrade to version 2.2.0, which fixes the issue.

Credit:

?? ??  (finder)

References:

https://servicecomb.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-44313
