CVE-2023-44313

HIGH7.6EPSS 69.1%

Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability

發布日:2024/1/31修改日:2025/2/13

也稱為:GHSA-9xc9-xq7w-vpcrGO-2024-2495

描述

Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests.This issue affects Apache ServiceComb before 2.1.0 (included). Users are recommended to upgrade to version 2.2.0, which fixes the issue.

受影響套件(2)

Go/github.com/apache/servicecomb-service-centerfrom 0, < 2.2.0
Go/github.com/apache/servicecomb-service-centerfrom 0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
osv	CVSS 3.1	HIGH7.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

參考連結(5)

ADVISORYhttps://github.com/advisories/GHSA-9xc9-xq7w-vpcr
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-44313
PATCHhttps://github.com/apache/servicecomb-service-center
WEBhttps://lists.apache.org/thread/kxovd455o9h4f2v811hcov2qknbwld5r
WEBhttp://www.openwall.com/lists/oss-security/2024/01/31/4