Lucene search

MitreCVE-2022-28117

HistoryApr 28, 2022 - 3:15 p.m.

CVE-2022-28117

2022-04-2815:15:10

CWE-918

mitre

web.nvd.nist.gov

cve

ssrf

navigate cms

feed_parser

nvd

remote attackers

arbitrary requests

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

5.3

Confidence

High

EPSS

0.062

Percentile

93.7%

JSON

A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.

Affected configurations

Nvd

Node

naviwebsnavigate_cmsMatch2.9.4

VendorProductVersionCPE
naviwebsnavigate_cms2.9.4cpe:2.3:a:naviwebs:navigate_cms:2.9.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
naviwebs	navigate_cms	2.9.4	cpe:2.3:a:naviwebs:navigate_cms:2.9.4:::::::*

References

packetstormsecurity.com/files/167063/Navigate-CMS-2.9.4-Server-Side-Request-Forgery.html

www.navigatecms.com/en/blog/development/navigate_cms_update_2_9_5

www.youtube.com/watch?v=4kHW95CMfD0

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

5.3

Confidence

High

EPSS

0.062

Percentile

93.7%

JSON

Related for CVE-2022-28117