CVE-2020-14328

LOW Year: 2020
CVSS v3 Score
3.3
Low
CVSS v2 Score
2.1
Low
Weakness Type
CWE-918
View all →

Vulnerability Description

A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality.

Related Vulnerabilities

CVE-2025-29446

LOW
CVSS:3.3(Low)

open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.

CWE-9182025

CVE-2025-47936

LOW
CVSS:3.3(Low)

TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, Webhooks are inherently vulnerable to Cro...

CWE-9182025

CVE-2023-26442

LOW
CVSS:3.2(Low)

In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the ca...

CWE-9182023

CVE-2016-6001

LOW
CVSS:3.1(Low)

IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.

CWE-9182016

CVE-2023-26438

LOW
CVSS:3.1(Low)

External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly ...

CWE-9182023

CVE-2024-43379

LOW
CVSS:3.1(Low)

TruffleHog is a secrets scanning tool. Prior to v3.81.9, this vulnerability allows a malicious actor to craft data in a way that, when scanned by specific detectors, could trigger the detector to make...

CWE-9182024