CVE-2023-44313 HIGH

CVE-2023-44313: Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API

Vendor Apache Software Foundation
Product Apache ServiceComb Service-Center
Weakness CWE-918 · SSRF
Published January 31, 2024
Last update February 13, 2025

CVSS base score

7.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

Description

Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb up to and including version 2.1.0. Users are recommended to upgrade to version 2.2.0, which fixes the issue.

Key dates

Disclosure timeline

January 31, 2024 CVE published
February 13, 2025 Record updated