Lucene search

@huntrdevCVELIST:CVE-2022-4096

HistoryNov 21, 2022 - 12:00 a.m.

CVE-2022-4096 Server-Side Request Forgery (SSRF) in appsmithorg/appsmith

2022-11-2100:00:00

CWE-918

@huntrdev

www.cve.org

cve-2022-4096

github repository

ssrf

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.4%

JSON

Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2.

CNA Affected

[
  {
    "vendor": "appsmithorg",
    "product": "appsmithorg/appsmith",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.8.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/appsmithorg/appsmith/commit/769719ccfe667f059fe0b107a19ec9feb90f2e40

huntr.dev/bounties/7969e834-5982-456e-9683-861a7a5e2d22

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.4%

JSON

Related for CVELIST:CVE-2022-4096