PT-2023-29440 · Unknown · Engelsystem
Sev-Hack · Published 2023-10-16 · Updated 2023-10-30 · CVE-2023-45152
CVSS v3.1: 2.0 (Low)
| Vector | AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Engelsystem versions prior to the version containing commit ee7d30b33
Description
Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment.
Recommendations
For versions prior to the version containing commit ee7d30b33, ensure that no HTTP(S) services listen on localhost or on systems reachable only from the host running the Engelsystem software. If such services are necessary, they should require additional authentication.
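As an added example (not Engelsystem's own code, and not the change made in commit ee7d30b33), the following is a destination check of the kind a schedule-import fetcher should apply before requesting a user-supplied URL: it resolves the host and refuses loopback, private and link-local ranges, which are exactly the destinations a blind SSRF would otherwise probe. Function names are hypothetical, and the resolver is injectable so the check can be exercised offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Destination ranges an import-URL fetcher must never reach. Covering loopback,
# RFC 1918, link-local and the unspecified block denies the "port scan against
# the local environment" that a blind SSRF enables.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

def resolve_all(host):
    """Resolve a host name to every address it maps to (IPv4 and IPv6)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_blocked_address(addr_text):
    """True if the address lies in a blocked range; IPv4-mapped IPv6 is unwrapped first."""
    addr = ipaddress.ip_address(addr_text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)

def validate_import_url(url, resolver=resolve_all):
    """Return (ok, reason) for a schedule-import URL supplied by a user.

    `resolver` is injectable (hypothetical parameter) so tests run without DNS.
    The caller must fetch the validated address itself and re-run this check on
    every redirect hop; otherwise DNS rebinding or a redirect can bypass it.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme must be http or https"
    if parts.username or parts.password:
        return False, "credentials in URL are not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addresses = resolver(host)   # literal IPs resolve to themselves
    except (socket.gaierror, OSError, ValueError) as exc:
        return False, f"cannot resolve host: {exc}"
    # Every resolved address must be acceptable, not just the first one.
    for addr in addresses:
        if is_blocked_address(addr):
            return False, f"destination {addr} is in a blocked range"
    return True, "ok"
```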
Affected Products
Engelsystem