Lucene search

[email protected]CVE-2022-4096

HistoryNov 21, 2022 - 3:15 p.m.

CVE-2022-4096

2022-11-2115:15:12

CWE-918

[email protected]

web.nvd.nist.gov

cve-2022-4096

ssrf

github

appsmith

security

vulnerability

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

30.6%

JSON

Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2.

Affected configurations

NVD

Node

appsmithappsmithRange<1.8.2

CPENameOperatorVersion
appsmith:appsmithappsmithlt1.8.2

CPE	Name	Operator	Version
appsmith:appsmith	appsmith	lt	1.8.2

CNA Affected

[
  {
    "vendor": "appsmithorg",
    "product": "appsmithorg/appsmith",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.8.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/appsmithorg/appsmith/commit/769719ccfe667f059fe0b107a19ec9feb90f2e40

huntr.dev/bounties/7969e834-5982-456e-9683-861a7a5e2d22

Social References

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

30.6%

JSON

Related for CVE-2022-4096

osv2 cvelist1 prion1 githubexploit1 huntr1 nvd1 cnvd1