ghsa-43f8-p5w3-5m25
Vulnerability from github
Published
2021-02-11 21:20
Modified
2023-09-21 19:57
Summary
vrana/adminer vulnerable to SSRF by connecting to privileged ports
Details
Impact
All users are affected.
Patches
- Unsuccessfully patched by 0fae40fb, included in version 4.4.0.
- Patched by 35bfaa75, included in version 4.7.8.
Workarounds
Protect access to Adminer also by other means, e.g. by HTTP password, IP address limiting or by OTP plugin.
References
- http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt
- https://sourceforge.net/p/adminer/bugs-and-features/769/
- https://gusralph.info/adminer-ssrf-bypass-cve-2018-7667/ (CVE-2020-28654)
For more information
If you have any questions or comments about this advisory: * Comment at 35bfaa75.
{ "affected": [ { "package": { "ecosystem": "Packagist", "name": "vrana/adminer" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "4.7.8" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2018-7667" ], "database_specific": { "cwe_ids": [ "CWE-918" ], "github_reviewed": true, "github_reviewed_at": "2021-02-11T21:20:27Z", "nvd_published_at": null, "severity": "MODERATE" }, "details": "### Impact\nAll users are affected.\n\n### Patches\n* Unsuccessfully patched by 0fae40fb, included in version [4.4.0](https://github.com/vrana/adminer/releases/tag/v4.4.0).\n* Patched by 35bfaa75, included in version [4.7.8](https://github.com/vrana/adminer/releases/tag/v4.7.8).\n\n### Workarounds\nProtect access to Adminer also by other means, e.g. by HTTP password, IP address limiting or by OTP [plugin](https://www.adminer.org/plugins/).\n\n### References\n* http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt\n* https://sourceforge.net/p/adminer/bugs-and-features/769/\n* https://gusralph.info/adminer-ssrf-bypass-cve-2018-7667/ (CVE-2020-28654)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Comment at 35bfaa75.", "id": "GHSA-43f8-p5w3-5m25", "modified": "2023-09-21T19:57:49Z", "published": "2021-02-11T21:20:40Z", "references": [ { "type": "WEB", "url": "https://github.com/vrana/adminer/security/advisories/GHSA-43f8-p5w3-5m25" }, { "type": "WEB", "url": "https://github.com/vrana/adminer/commit/35bfaa75" }, { "type": "WEB", "url": "https://gusralph.info/adminer-ssrf-bypass-cve-2018-7667" }, { "type": "WEB", "url": "https://sourceforge.net/p/adminer/bugs-and-features/769" }, { "type": "WEB", "url": "http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt" } ], "schema_version": "1.4.0", "severity": [], "summary": "vrana/adminer vulnerable to SSRF by connecting to privileged ports" }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.