Server-Side Request Forgery in Forem by Forem
CVE-2023-27160

7.2HIGH

Key Information:

Vendor: Forem
Status: Forem
Vendor: CVE Published:; 31 March 2023

What is CVE-2023-27160?

The Forem platform prior to version 2022.11.11 has a vulnerability that allows attackers to exploit Server-Side Request Forgery (SSRF) via the endpoint /articles/{id}. This security flaw enables unauthorized access to internal network resources, potentially leading to the exposure of sensitive information through specially crafted POST requests. Implement appropriate security measures to mitigate this risk.

References

http://forem.com

https://github.com/forem/forem

https://notes.sjtu.edu.cn/s/MUUhEymt7

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2023
Vulnerability Reserved
Feb 27, 2023

CVE-2023-27160 Data

JSON