CVE-2023-44313

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-44313
Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests.This issue affects Apache ServiceComb before 2.1.0(include). Users are recommended to upgrade to version 2.2.0, which fixes the issue.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://www.openwall.com/lists/oss-security/2024/01/31/4 Mailing List Third Party Advisory
https://lists.apache.org/thread/kxovd455o9h4f2v811hcov2qknbwld5r Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:servicecomb:*:*:*:*:*:*:*:*
History

08 Feb 2024, 17:13

Type Values Removed Values Added
First Time Apache
Apache servicecomb
CPE cpe:2.3:a:apache:servicecomb:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 7.6 		v2 : unknown
v3 : 7.5
References () http://www.openwall.com/lists/oss-security/2024/01/31/4 - () http://www.openwall.com/lists/oss-security/2024/01/31/4 - Mailing List, Third Party Advisory
References () https://lists.apache.org/thread/kxovd455o9h4f2v811hcov2qknbwld5r - () https://lists.apache.org/thread/kxovd455o9h4f2v811hcov2qknbwld5r - Mailing List, Third Party Advisory

31 Jan 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/01/31/4 -

31 Jan 2024, 14:05

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de Server-Side Request Forgery (SSRF) en Apache ServiceComb Service-Center. Los atacantes pueden obtener información confidencial del servidor a través de solicitudes especialmente manipuladas. Este problema afecta a Apache ServiceComb anterior a 2.1.0 (incluido). Se recomienda a los usuarios actualizar a la versión 2.2.0, que soluciona el problema.

31 Jan 2024, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-31 09:15

Updated : 2024-02-08 17:13

NVD link : CVE-2023-44313

Mitre link : CVE-2023-44313

CVE.ORG link : CVE-2023-44313

JSON object : View

Products Affected

apache

  • servicecomb
CWE
CWE-918

Server-Side Request Forgery (SSRF)