CVE-2023-48910: Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download

December 4, 2023 (updated October 15, 2024)

Microcks up to version 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.

References

gist.github.com/b33t1e/2a2dc17cf36cd741b2c99425c892d826
github.com/advisories/GHSA-gqj2-324p-vx73
github.com/microcks/microcks
github.com/orgs/microcks/discussions/892
nvd.nist.gov/vuln/detail/CVE-2023-48910

Code Behaviors & Features

Detect and mitigate CVE-2023-48910 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →