GHSA-43f8-p5w3-5m25
Suggest an improvement- Source
- https://github.com/advisories/GHSA-43f8-p5w3-5m25
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/02/GHSA-43f8-p5w3-5m25/GHSA-43f8-p5w3-5m25.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-43f8-p5w3-5m25
- Aliases
- Published
- 2021-02-11T21:20:40Z
- Modified
- 2024-12-02T05:29:14.702054Z
- Summary
- vrana/adminer vulnerable to SSRF by connecting to privileged ports
- Details
-
Impact
All users are affected.
Patches
- Unsuccessfully patched by 0fae40fb, included in version 4.4.0.
- Patched by 35bfaa75, included in version 4.7.8.
Workarounds
Protect access to Adminer also by other means, e.g. by HTTP password, IP address limiting or by OTP plugin.
References
- http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt
- https://sourceforge.net/p/adminer/bugs-and-features/769/
- https://gusralph.info/adminer-ssrf-bypass-cve-2018-7667/ (CVE-2020-28654)
For more information
If you have any questions or comments about this advisory: * Comment at 35bfaa75.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-918" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-02-11T21:20:27Z" }- References
-
- https://github.com/vrana/adminer/security/advisories/GHSA-43f8-p5w3-5m25
- https://github.com/vrana/adminer/commit/35bfaa75
- https://gusralph.info/adminer-ssrf-bypass-cve-2018-7667
- https://sourceforge.net/p/adminer/bugs-and-features/769
- http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt
Affected packages
Packagist / vrana/adminer
Package
- Name
- vrana/adminer
- Purl
- pkg:composer/vrana/adminer