CVE-2023-27159

Exploit

EPSS 84.69%
Veröffentlicht 31.03.2023 19:15:07
Zuletzt bearbeitet 18.02.2025 15:15:13
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Appwrite ≫ Appwrite Version <= 1.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	84.69%	0.993

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

http://appwrite.com

Broken Link

https://gist.github.com/b33t1e/43b26c31e895baf7e7aea2dbf9743a9a

Third Party Advisory

Exploit

https://gist.github.com/b33t1e/e9e8192317c111e7897e04d2f9bf5fdb

Third Party Advisory

Exploit

https://github.com/appwrite/appwrite

Product

https://notes.sjtu.edu.cn/gMNlpByZSDiwrl9uZyHTKA

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-27159

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-27159

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-27159

EUVD