PT-2019-5495 · Joey Hess · Ikiwiki

Published: 2019-02-10 · Updated: 2024-06-15 · CVE-2019-9187

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
ikiwiki versions prior to 3.20170111.1
ikiwiki versions 3.2018x
ikiwiki versions 3.2019x prior to 3.20190228
Description: The issue allows Server-Side Request Forgery (SSRF) via the aggregate plugin, which can also be used to read local files through file: URIs. This can enable a remote attacker to gain unauthorized access to protected information.
Recommendations: For versions prior to 3.20170111.1, update to version 3.20170111.1 or later. For versions 3.2018x, consider disabling the aggregate plugin until a patch is available. For versions 3.2019x prior to 3.20190228, update to version 3.20190228 or later. As a temporary workaround, consider restricting access to the aggregate plugin to minimize the risk of exploitation.
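The root cause described above is a feed fetcher that accepts any URI scheme and any host, so a feed URL can point at file: paths or at internal services. The following is an added example of the kind of pre-fetch check a defender would put in front of such a fetcher; it is not ikiwiki's own code or its fix, and the function names (is_safe_feed_url, filter_feed_urls) and the sample URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlparse

# Only remote web feeds are legitimate aggregation sources; file:, gopher:,
# ftp:, data: and every other scheme are rejected outright.
ALLOWED_SCHEMES = {"http", "https"}


def is_safe_feed_url(url: str) -> bool:
    """Return True only for http(s) URLs whose host is not a loopback,
    private, link-local or otherwise non-public address.

    This is the check a feed aggregator should run before fetching; it
    closes the file: URI case and the literal-IP SSRF case described in
    the advisory.
    """
    try:
        parts = urlparse(url)
        host = parts.hostname  # may raise ValueError on a malformed IPv6 literal
    except ValueError:
        return False

    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    if not host:
        # file:///etc/passwd has no host at all; http:// with no host is junk.
        return False

    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not a literal IP: a DNS name. Reject the obvious local names here;
        # see the note below about resolving and re-checking the address.
        lowered = host.lower().rstrip(".")
        return lowered != "localhost" and not lowered.endswith(".localhost")

    # is_global is False for loopback (127/8, ::1), RFC 1918 ranges,
    # link-local (169.254/16, which covers cloud metadata endpoints),
    # unspecified and other reserved ranges.
    return addr.is_global


def filter_feed_urls(urls):
    """Keep only the feed URLs that pass the pre-fetch check."""
    return [u for u in urls if is_safe_feed_url(u)]


if __name__ == "__main__":
    # Constructed sample of feed URLs as they might appear in a wiki's
    # aggregate configuration; not taken from any real ikiwiki instance.
    sample = [
        "https://example.org/feed.xml",
        "file:///etc/passwd",
        "http://127.0.0.1:8080/admin",
        "http://[::1]/status",
        "http://169.254.169.254/latest/meta-data/",
        "http://10.0.0.5/internal.rss",
        "http://localhost/feed",
        "gopher://example.org/",
    ]
    for url in sample:
        print(f"{'allow ' if is_safe_feed_url(url) else 'reject'}  {url}")
```

The check above only inspects the URL text, so it cannot see that a public DNS name resolves to an internal address. A fetcher that needs to defend against that should resolve the name itself, run the same `is_global` test on every returned address, and connect to the vetted address rather than letting the HTTP library resolve again; that ordering also neutralises DNS rebinding between the check and the fetch.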

Fix

SSRF


Weakness Enumeration

Related Identifiers

BDU:2020-03290
CVE-2019-9187
DLA-1716-1
DSA-4399-1
MGASA-2019-0113
OPENSUSE-SU-2024:10860-1

Affected Products

Ikiwiki