Protections against potential Server-Side Request Forgery...
High severity
Unreviewed
Published
Dec 29, 2022
to the GitHub Advisory Database
•
Updated Feb 2, 2023
Description
Published by the National Vulnerability Database
Dec 29, 2022
Published to the GitHub Advisory Database
Dec 29, 2022
Last updated
Feb 2, 2023
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38203.
References