7.6
CVE-2022-31196
- EPSS 0.79%
- Veröffentlicht 02.09.2022 20:15:08
- Zuletzt bearbeitet 21.11.2024 07:04:06
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginServer-Side Request Forgery (SSRF) vulnerability in Databasir
Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.79% | 0.513 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security-advisories@github.com | 7.6 | 2.8 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
|
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058
https://github.com/vran-dev/databasir/releases/tag/v1.0.7
https://github.com/vran-dev/databasir/security/advisories/GHSA-qvg8-427f-852q