CVE-2023-25195 Apache Fineract: SSRF template type vulnerability in certain authenticated users

2023-03-2811:16:28

CWE-918

apache

www.cve.org

apache fineract

ssrf

cve-2023-25195

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

40.9%

JSON

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract.
Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic.

This issue affects Apache Fineract: from 1.4 through 1.8.3.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Apache Fineract",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.8.3",
        "status": "affected",
        "version": "1.4",
        "versionType": "semver"
      }
    ]
  }
]

References

lists.apache.org/thread/m58fdjmtkfp9h4c0r4l48rv995w3qhb6