Server-Side Request Forgery (SSRF) Vulnerability Affects Apache ServiceComb Before 2.1.0
CVE-2023-44313

7.6HIGH

Key Information:

Vendor: Apache
Status: Apache Servicecomb Service-center
Vendor: CVE Published:; 31 January 2024

Summary

The Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center enables attackers to craft specific requests that can lead to the exposure of sensitive server information. This vulnerability impacts all versions before 2.1.0. To mitigate this risk, users are advised to upgrade to version 2.2.0, which effectively resolves the issue.

Affected Version(s)

Apache ServiceComb Service-Center 0 <= 2.1.0

References

https://lists.apache.org/thread/kxovd455o9h4f2v811hcov2qk...

vendor-advisory

http://www.openwall.com/lists/oss-security/2024/01/31/4

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2024
Vulnerability Reserved
Sep 28, 2023

Credit

苏安 <[email protected]>