CVE-2023-48910

Name of the Vulnerable Software and Affected Versions Microcks versions up to 1.17.1

Description The issue allows attackers to access network resources and sensitive information via a crafted GET request. This is achieved through a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download.

Recommendations For Microcks versions up to 1.17.1, consider restricting access to the /jobs and /artifact/download components to minimize the risk of exploitation. As a temporary workaround, avoid using these components until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.