Lucene search

[email protected]CVE-2022-2756

HistoryAug 10, 2022 - 4:15 p.m.

CVE-2022-2756

2022-08-1016:15:08

CWE-918

[email protected]

web.nvd.nist.gov

2170

cve-2022-2756

ssrf

github

repository

kareadita

kavita

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.016 Low

EPSS

Percentile

87.4%

JSON

Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.

Affected configurations

NVD

Node

kavitareaderkavitaRange<0.5.4.1

CPENameOperatorVersion
kavitareader:kavitakavitareader kavitalt0.5.4.1

CPE	Name	Operator	Version
kavitareader:kavita	kavitareader kavita	lt	0.5.4.1

CNA Affected

[
  {
    "product": "kareadita/kavita",
    "vendor": "kareadita",
    "versions": [
      {
        "lessThan": "0.5.4.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/kareadita/kavita/commit/9c31f7e7c81b919923cb2e3857439ec0d16243e4

huntr.dev/bounties/95e7c181-9d80-4428-aebf-687ac55a9216

Social References

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.016 Low

EPSS

Percentile

87.4%

JSON

Related for CVE-2022-2756

prion1 nuclei1 osv1 nvd1 cvelist1 huntr1