Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZjgtcDV3My01bTI1
vrana/adminer vulnerable to SSRF by connecting to privileged ports
Impact
All users are affected.
Patches
- Unsuccessfully patched by 0fae40fb, included in version 4.4.0.
- Patched by 35bfaa75, included in version 4.7.8.
Workarounds
Protect access to Adminer also by other means, e.g. by HTTP password, IP address limiting or by OTP plugin.
References
- http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt
- https://sourceforge.net/p/adminer/bugs-and-features/769/
- https://gusralph.info/adminer-ssrf-bypass-cve-2018-7667/ (CVE-2020-28654)
For more information
If you have any questions or comments about this advisory:
- Comment at 35bfaa75.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZjgtcDV3My01bTI1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: 3 months ago
Identifiers: GHSA-43f8-p5w3-5m25, CVE-2018-7667
References:
- https://github.com/vrana/adminer/security/advisories/GHSA-43f8-p5w3-5m25
- https://sourceforge.net/p/adminer/bugs-and-features/769/
- http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt
- https://gusralph.info/adminer-ssrf-bypass-cve-2018-7667
- https://github.com/vrana/adminer/commit/35bfaa75
- https://github.com/advisories/GHSA-43f8-p5w3-5m25
Affected Packages
packagist:vrana/adminer
Versions: < 4.7.8Fixed in: 4.7.8