Description
UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.
Remediation
References
https://github.com/youseries/ureport/issues/483
Related Vulnerabilities
CVE-2020-15270 Vulnerability in npm package parse-server
CVE-2020-11050 Vulnerability in maven package org.java-websocket:java-websocket
CVE-2023-36820 Vulnerability in maven package io.micronaut.security:micronaut-security-oauth2
CVE-2022-41934 Vulnerability in maven package org.xwiki.platform:xwiki-platform-menu-ui