What is CVE-2023-27163?

CVE-2023-27163 is a medium-severity vulnerability in request-baskets software up to version 1.2.1. This Server-Side Request Forgery (SSRF) vulnerability allows attackers to access network resources and sensitive information through a crafted API request. Users should update their software to avoid potential attacks.

Who is impacted by CVE-2023-27163?

CVE-2023-27163 affects users of request-baskets software up to version 1.2.1. This SSRF vulnerability enables attackers to access network resources and sensitive information through a crafted API request. Systems using versions up to and including 1.2.1 are at risk.

What to do if CVE-2023-27163 affected you

If you're affected by the CVE-2023-27163 vulnerability, it's crucial to take action to protect your system. Follow these simple steps:

1. Update your request-baskets software to a version higher than 1.2.1.

2. Regularly check for software updates and apply them promptly.

3. Implement network security best practices and strong authentication mechanisms.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-27163 vulnerability, a Server-Side Request Forgery (SSRF) issue in request-baskets software up to version 1.2.1, is not listed in CISA's Known Exploited Vulnerabilities Catalog. It was published on March 31, 2023. There is no specific due date or required action mentioned, but it's essential to update the software and follow security best practices to protect your system.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-918, which is a Server-Side Request Forgery (SSRF) issue in request-baskets software up to version 1.2.1.

Learn More

For a comprehensive understanding of its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

• NVD - CVE-2023-27163

• Request-Baskets 1.2.1 Server-Side Request Forgery ≈ Packet Storm

• Maltrail 0.53 Remote Code Execution ≈ Packet Storm