ASA-2019-00606 – Jenkins 360 FireLine Plugin: XML External Entity (XXE) vulnerability

A form validation method that accepts XML does not perform permission checks. This allows users with Overall/Read permission to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.

ASA-2019-00103 – Jenkins: Cross-Site Request Forgery (CSRF) vulnerability and missing permission checks in Kanboard Plugin allowed Server-Side Request Forgery (SSRF)

Kanboard Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to submit a GET request to an attacker-specified URL. Additionally, this form validation method did not require POST requests, resulting in a CSRF vulnerability.

ASA-2019-00098 – Jenkins: XML External Entity (XXE) vulnerability in Job Import Plugin

Job Import Plugin allows importing jobs from other Jenkins instances. As a first step in this process, Job Import Plugin sends a request to another Jenkins instance and parses the XML REST API output to obtain a list of jobs that could be imported. Job Import Plugin did not configure the XML parser in a way that would prevent XML External Entity (XXE) processing. This allowed attackers able to control either the server Jenkins will query, or the URL Jenkins queries, to have it parse a maliciously crafted XML response that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery (SSRF), or denial-of-service attacks.
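The two defects that recur in the advisories above, an XML parser left at its entity-resolving defaults and a form-validation method reachable with Overall/Read and plain GET, can be closed with a small amount of code. The following is an added illustration written for this page, not code from any of the plugins named; `HardenedXmlValidation`, `doCheckXml` and the `Jenkins.ADMINISTER` permission choice are assumptions, and a plugin validating an item's configuration would check the item's permission instead.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

// Hypothetical descriptor-level form validation; names are assumed, not a plugin's own.
public class HardenedXmlValidation {

    // Weak: a default DocumentBuilderFactory resolves DOCTYPE declarations and
    // external entities, which is the condition the XXE advisories describe.
    public static DocumentBuilder defaultBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened: refuse DOCTYPE entirely (no entities can then be declared), and
    // additionally turn off external entity and DTD loading and XInclude as
    // defence in depth for parsers that ignore the first feature.
    public static DocumentBuilder safeBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // @RequirePOST removes the CSRF angle (a GET link can no longer trigger it);
    // checkPermission stops a user with only Overall/Read from reaching the parser.
    @RequirePOST
    public FormValidation doCheckXml(@QueryParameter String value) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        try {
            Document doc = safeBuilder().parse(new InputSource(new StringReader(value)));
            return FormValidation.ok("Root element: " + doc.getDocumentElement().getTagName());
        } catch (Exception e) {
            // A DOCTYPE in the input lands here as a parse error rather than being resolved.
            return FormValidation.error("Rejected XML: " + e.getMessage());
        }
    }
}
```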