CVE-2023-48910

描述

Microcks up to version 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.

如何修補 CVE-2023-48910

要修補 CVE-2023-48910,請將受影響套件升級到下列已修補版本。

• —升級至 1.17.1 或更新版本

CVE-2023-48910 正在被利用嗎?

低 — EPSS 為 0.3%,目前沒有觀察到大規模利用活動。

受影響套件(1)

• from 0, < 1.17.1

CVSS 分數

參考連結(4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-48910
• PATCHgithub.com/microcks/microcks
• WEBgist.github.com/b33t1e/2a2dc17cf36cd741b2c99425c892d826
• WEBgithub.com/orgs/microcks/discussions/892