PT-2024-3866 · Apache · Apache Servicecomb

Published: 2024-01-31 · Updated: 2024-06-28 · CVE-2023-44313

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Apache ServiceComb versions prior to 2.1.0
Apache ServiceComb versions prior to 2.2.0

Description

The issue is a Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center, which attackers can exploit to obtain sensitive server information through specially crafted requests.

Recommendations

For Apache ServiceComb versions prior to 2.1.0, upgrade to version 2.2.0, which fixes the issue.
For Apache ServiceComb versions prior to 2.2.0, upgrade to version 2.2.0, which fixes the issue.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2024-04267
CVE-2023-44313
GHSA-9XC9-XQ7W-VPCR
GO-2024-2495

Affected Products

Apache Servicecomb