Appwrite <=1.2.1 - Server-Side Request Forgery CVE-2023-27159

Severity
CVSSv3 Score: 7.5
Vulnerability description

Appwrite through 1.2.1 is susceptible to server-side request forgery via the component /v1/avatars/favicon. An attacker can potentially access network resources and sensitive information via a crafted GET request, thereby also making it possible to modify data and/or execute unauthorized administrative operations in the context of the affected site.

Risk description

No risk description to display.

Recommendation

Upgrade Appwrite to a version higher than 1.2.1 to mitigate the SSRF vulnerability.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Mar 31, 2023
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available