all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Appwrite Blind SSRF

Add to bookmarks
Jan. 30, 2024, 8:49 a.m. | Rémy Marot

Tenable Research Advisories www.tenable.com

Appwrite Blind SSRF

A researcher at Tenable discovered an unauthenticated Server-Side Request Forgery (SSRF) vulnerability via the '/v1/avatars/favicon' endpoint as a result of a bypass of an incomplete fix for CVE-2023-27159.


Rémy Marot
Tue, 01/30/2024 - 03:49

appwrite bypass cve endpoint favicon fix forgery request researcher result server server-side request forgery ssrf tenable unauthenticated vulnerability

Visit resource

More from www.tenable.com / Tenable Research Advisories

Approach.App Multiple Vulnerabilities 1 week, 4 days ago | www.tenable.com
app application exploitation management +9
Karros Technologies Authentication Bypass 1 week, 4 days ago | www.tenable.com
authentication authentication bypass bypass technologies
Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 1 week, 6 days ago | www.tenable.com
avalanche big buffer buffer overflow +12
Path Traversal Affecting Multiple CData Products 3 weeks, 4 days ago | www.tenable.com
application attachment cookie date +14
LG LED Assistant v2.1.65 Multiple Vulnerabilities 1 month ago | www.tenable.com
assistant led vulnerabilities
Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities 1 month, 2 weeks ago | www.tenable.com
arcserve data data protection protection +1
Microsoft Azure Synapse Analytics - Privilege Escalation via Vegas Caching Service 1 month, 3 weeks ago | www.tenable.com
analytics azure azure synapse caching +8
Showdownjs Denial of Service 2 months ago | www.tenable.com
can command concept conditions +17
Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS) 2 months, 2 weeks ago | www.tenable.com
accesstoken admin adobe authentication +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Professional Services Resident Consultant / Senior Professional Services Resident Consultant - AMS

@ Zscaler | Bengaluru, India
View on infosec-jobs.com

Head of Security, Risk & Compliance

@ Gedeon Richter Pharma GmbH | Budapest, HU
View on infosec-jobs.com

Unarmed Professional Security Officer - County Hospital

@ Allied Universal | Los Angeles, CA, United States
View on infosec-jobs.com

Senior Software Engineer, Privacy Engineering

@ Block | Seattle, WA, United States
View on infosec-jobs.com

Senior Cyber Security Specialist

@ Avaloq | Bioggio, Switzerland
View on infosec-jobs.com
View more jobs