CVE-2023-27159

Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
Configurations

Configuration 1 (hide)

cpe:2.3:a:appwrite:appwrite:*:*:*:*:*:*:*:*

History

08 Apr 2023, 02:04

Type Values Removed Values Added
References (MISC) https://gist.github.com/b33t1e/43b26c31e895baf7e7aea2dbf9743a9a - (MISC) https://gist.github.com/b33t1e/43b26c31e895baf7e7aea2dbf9743a9a - Exploit, Third Party Advisory
References (MISC) https://notes.sjtu.edu.cn/gMNlpByZSDiwrl9uZyHTKA - (MISC) https://notes.sjtu.edu.cn/gMNlpByZSDiwrl9uZyHTKA - Exploit, Third Party Advisory
References (MISC) http://appwrite.com - (MISC) http://appwrite.com - Broken Link
References (MISC) https://gist.github.com/b33t1e/e9e8192317c111e7897e04d2f9bf5fdb - (MISC) https://gist.github.com/b33t1e/e9e8192317c111e7897e04d2f9bf5fdb - Exploit, Third Party Advisory
References (MISC) https://github.com/appwrite/appwrite - (MISC) https://github.com/appwrite/appwrite - Product
CPE cpe:2.3:a:appwrite:appwrite:*:*:*:*:*:*:*:*
CWE CWE-918
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
First Time Appwrite
Appwrite appwrite

31 Mar 2023, 19:17

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-31 19:15

Updated : 2023-12-10 15:01


NVD link : CVE-2023-27159

Mitre link : CVE-2023-27159

CVE.ORG link : CVE-2023-27159


JSON object : View

Products Affected

appwrite

  • appwrite
CWE
CWE-918

Server-Side Request Forgery (SSRF)