CVE-2023-42812

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Sep 22, 2023

Updated: Sep 25, 2023

CWE ID 918

Summary

CVE-2023-42812 is a serious vulnerability affecting the Galaxy open-source platform for FAIR data analysis. Before version 22.05, Galaxy was susceptible to server-side request forgery (SSRF), enabling attackers to issue unauthorized HTTP/HTTPS requests from the application server and access internal hosts' responses. This issue could lead to potential data leakage or unauthorized system access. Galaxy's developers have released version 22.05 with a patch to address this SSRF vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Galaxy Project Galaxy

Affected Vendors

Galaxyproject

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sr8GPo
https://www.cve.org/CVERecord?id=CVE-2023-42812
https://nvd.nist.gov/vuln/detail/CVE-2023-42812

Back to Vulnerability Database