oss-sec mailing list archives

CVE-2023-25195: Apache Fineract: SSRF template type vulnerability in certain authenticated users


From: James Dailey <jdailey () apache org>
Date: Mon, 27 Mar 2023 16:20:40 +0000

Severity: moderate

Description:

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract.
Authorized users with limited permissions can gain access to the server and may be able to use the server for any outbound traffic.

This issue affects Apache Fineract: from 1.4 through 1.8.3.

Credit:

Huydoppa from GHTK (reporter)
Aleksander (remediation developer)

References:

https://fineract.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-25195

