oss-sec mailing list archives
CVE-2023-25195: Apache Fineract: SSRF template type vulnerability in certain authenticated users
From: James Dailey <jdailey () apache org>
Date: Mon, 27 Mar 2023 16:20:40 +0000
Severity: moderate

Description:

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3.

Credit:

Huydoppa from GHTK (reporter)
Aleksander (remediation developer)

References:

https://fineract.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-25195