Search Get started

Server Side Request Forgery (SSRF) through user_ldap app

Sep 8, 2021

  • Risk: low
  • CVSS v3 Base Score: 4.1
  • CVSS v3 Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
  • CWE ID: CWE-918
  • CWE Name: Server-Side Request Forgery (SSRF)
  • CVE: CVE-2021-40537


Server Side Request Forgery (SSRF) vulnerability in the settings of the user_ldap app. Administration role is necessary for exploitation.


  • user_ldap < 0.15.4

Action taken

Filter invalid characters from the user_ldap settings.