Vulnerability Description
Forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.
CVSS Score
7.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Forem | Forem | <= 2022.11.11 |
Related Weaknesses (CWE)
References
- http://forem.com (Product)
- https://gist.github.com/b33t1e/6172286862a4486b5888f3cbbdc6316d (Third Party Advisory)
- https://github.com/forem/forem (Product)
- https://notes.sjtu.edu.cn/s/MUUhEymt7 (Exploit, Third Party Advisory)
FAQ
What is CVE-2023-27160?
CVE-2023-27160 is a vulnerability with a CVSS score of 7.2 (HIGH). forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive i...
How severe is CVE-2023-27160?
CVE-2023-27160 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-27160?
Check the references section above for vendor advisories and patch information. Affected products include: Forem Forem.