CVE-2023-25195

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3.
References
Link Resource
https://lists.apache.org/thread/m58fdjmtkfp9h4c0r4l48rv995w3qhb6 Mailing List Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:*

History

31 Mar 2023, 13:43

Type Values Removed Values Added
CPE cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:*
References (MISC) https://lists.apache.org/thread/m58fdjmtkfp9h4c0r4l48rv995w3qhb6 - (MISC) https://lists.apache.org/thread/m58fdjmtkfp9h4c0r4l48rv995w3qhb6 - Mailing List, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.1

28 Mar 2023, 16:28

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-28 12:15

Updated : 2024-10-23 16:35


NVD link : CVE-2023-25195

Mitre link : CVE-2023-25195

CVE.ORG link : CVE-2023-25195


JSON object : View

Products Affected

apache

  • fineract
CWE
CWE-918

Server-Side Request Forgery (SSRF)