What the vulnerability does
01Description
Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability.
CVSS base score
4.8/10
CVSS vector
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L
Key dates
02Disclosure timeline
June 4, 2024
CVE published
August 1, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-12779 SSRF in infiniflow/ragflow
CVE-2024-0759 Collection of internally resolving IPs
CVE-2026-27945 ZITADEL has potential SSRF via Actions
CVE-2024-39687 Fedify vulnerable to allowing access to internal network resources
CVE-2026-46372 SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl
