Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

imgproxy SSRF (CVE-2023-30019)

Description

imgproxy allows an unauthenticated attacker to send arbitrary requests to perform lookups on the internal network which is otherwise not accessible externally. An attacker may use this feature to perform SSRF (server-side request forgery) attacks on the server.

Remediation

Upgrade to the latest version of imgproxy

References

imgproxy is vulnerable to Server-Side Request Forgery

CVE-2023-30019: SSRF in imgproxy<=3.14.0

Related Vulnerabilities

MySQL CVE-2021-2174 Vulnerability (CVE-2021-2174)

Moodle Improper Input Validation Vulnerability (CVE-2012-1168)

IBM RTC Incorrect Authorization Vulnerability (CVE-2017-1700)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2643)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2358)

Severity

Medium

Classification

CVE-2023-30019 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Acumonitor SSRF Known Vulnerabilities