CVE-2023-41054

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Sep 4, 2023
Updated: Sep 8, 2023
CWE ID 918

Summary

CVE-2023-41054 is a Server-Side Request Forgery (SSRF) vulnerability found in LibreY, a privacy-respecting meta search engine. The vulnerability exists in the `image_proxy.php` file of LibreY before commit 8f9b9803f231e2954e5b49987a532d28fe50a627, allowing remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks via the `url` parameter. This could potentially lead to unauthorized access to internal information and performance degradation of the server. The issue has been addressed in a recent commit, and LibreY hosters are advised to update to the latest version to mitigate the vulnerability.
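
One way to vet the `url` parameter of an image proxy before the server fetches it, shown as an added example (not LibreY's code and not the fix in the commit named above). The function names and the injected resolver callback are hypothetical, and the DNS table is constructed so the script runs offline.

```php
<?php
// Added example; function names are hypothetical, not LibreY code.
function is_public_ip(string $ip): bool
{
    // Fails private ranges (10/8, 172.16/12, 192.168/16, fc00::/7) and reserved
    // ones (loopback, link-local including 169.254.0.0/16, 0/8, 240/4).
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

function validate_proxy_target(string $url, callable $resolve): ?array
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;                        // only plain web schemes
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;                        // no embedded credentials
    }
    $host = trim($parts['host'], '[]');     // parse_url keeps IPv6 brackets
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : $resolve($host);
    if (!$ips) {
        return null;                        // unresolvable host
    }
    foreach ($ips as $ip) {
        if (!is_public_ip($ip)) {
            return null;                    // every DNS answer must be public
        }
    }
    // Return the vetted address so the caller can pin the connection to it
    // (for example with CURLOPT_RESOLVE) instead of resolving a second time.
    return ['host' => $host, 'ip' => $ips[0], 'port' => $parts['port'] ?? null];
}

// Constructed resolver table (assumption): stands in for real DNS lookups.
$fake_dns = fn(string $h) => [
    'images.example.com'   => ['93.184.216.34'],
    'intranet.example.com' => ['10.0.0.5'],
][$h] ?? [];

$samples = ['https://images.example.com/a.png', 'http://127.0.0.1:8080/',
            'http://intranet.example.com/', 'file:///etc/passwd', 'http://[::1]/'];
foreach ($samples as $u) {
    printf("%-36s %s\n", $u, validate_proxy_target($u, $fake_dns) ? 'allow' : 'deny');
}
```

A proxy using a check like this also has to disable automatic redirect following, or re-run the check on every redirect target, and should cap response size and timeouts to limit the DoS exposure the summary mentions.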
