Description
calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery (SSRF). This is due to an incomplete fix for [CVE-2022-0339](https://github.com/advisories/GHSA-4w8p-x6g8-fv64). The blacklist does not check for `0.0.0.0`, which would result in a payload of `0.0.0.0` resolving to `localhost`.
Affected Software
Related
{"id": "GHSA-2647-C639-QV2J", "vendorId": null, "type": "github", "bulletinFamily": "software", "title": "Server-Side Request Forgery in calibreweb", "description": "calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery (SSRF). This is due to an incomplete fix for [CVE-2022-0339](https://github.com/advisories/GHSA-4w8p-x6g8-fv64). The blacklist does not check for `0.0.0.0`, which would result in a payload of `0.0.0.0` resolving to `localhost`.", "published": "2022-03-08T00:00:31", "modified": "2023-08-24T00:01:24", "epss": [{"cve": "CVE-2022-0766", "epss": 0.00194, "percentile": 0.56977, "modified": "2023-12-02"}], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://github.com/advisories/GHSA-2647-c639-qv2j", "reporter": "GitHub Advisory Database", "references": ["https://nvd.nist.gov/vuln/detail/CVE-2022-0766", "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8", "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b", "https://github.com/advisories/GHSA-2647-c639-qv2j"], "cvelist": ["CVE-2022-0339", "CVE-2022-0766"], "immutableFields": [], "lastseen": "2023-12-02T17:28:14", "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2022-0339", "CVE-2022-0766"]}, {"type": "github", "idList": ["GHSA-4W8P-X6G8-FV64"]}, {"type": "huntr", "idList": ["31649903-C19C-4DAE-AEE0-A04B095855C5", "499688C4-6AC4-4047-A868-7922C3EAB369", "7F2A5BB4-E6C7-4B6A-B8EB-FACE9E3ADD7B"]}, {"type": "osv", "idList": ["OSV:GHSA-2647-C639-QV2J", "OSV:GHSA-4W8P-X6G8-FV64", "OSV:PYSEC-2022-23"]}, {"type": "prion", "idList": ["PRION:CVE-2022-0339", "PRION:CVE-2022-0766"]}, {"type": "veracode", "idList": ["VERACODE:33972"]}]}, "score": {"value": 3.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2022-0766"]}]}, "affected_software": {"major_version": [{"name": "calibreweb", "version": 0}]}, "epss": [{"cve": "CVE-2022-0339", "epss": 0.00157, "percentile": 0.50682, "modified": "2023-05-02"}, {"cve": "CVE-2022-0766", "epss": 0.00157, "percentile": 0.50682, "modified": "2023-05-02"}], "vulnersScore": 3.7}, "_state": {"dependencies": 1701544388, "score": 1701538863, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "01b732ba5d88a5401f2eac37b7264e06"}, "affectedSoftware": [{"version": "0.6.17", "operator": "lt", "ecosystem": "PIP", "name": "calibreweb"}]}
{"osv": [{"lastseen": "2023-04-11T01:42:49", "description": "calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery (SSRF). This is due to an incomplete fix for [CVE-2022-0339](https://github.com/advisories/GHSA-4w8p-x6g8-fv64). The blacklist does not check for `0.0.0.0`, which would result in a payload of `0.0.0.0` resolving to `localhost`.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-08T00:00:31", "type": "osv", "title": "Server-Side Request Forgery in calibreweb", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0339", "CVE-2022-0766"], "modified": "2023-04-11T01:42:45", "id": "OSV:GHSA-2647-C639-QV2J", "href": "https://osv.dev/vulnerability/GHSA-2647-c639-qv2j", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-11T21:07:52", "description": "Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-01-30T14:15:00", "type": "osv", "title": "PYSEC-2022-23", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0339"], "modified": "2022-02-04T19:19:26", "id": "OSV:PYSEC-2022-23", "href": "https://osv.dev/vulnerability/PYSEC-2022-23", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-11T01:35:32", "description": "calibreweb prior to version 0.6.16 contains a Server-Side Request Forgery (SSRF) vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-01T00:48:54", "type": "osv", "title": "Server-Side Request Forgery in calibreweb", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0339"], "modified": "2023-04-11T01:35:28", "id": "OSV:GHSA-4W8P-X6G8-FV64", "href": "https://osv.dev/vulnerability/GHSA-4w8p-x6g8-fv64", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-12-02T16:20:15", "description": "Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-30T14:15:00", "type": "cve", "title": "CVE-2022-0339", "cwe": ["CWE-918"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0339"], "modified": "2022-03-17T16:16:00", "cpe": [], "id": "CVE-2022-0339", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0339", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-02T16:23:13", "description": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-07T07:15:00", "type": "cve", "title": "CVE-2022-0766", "cwe": ["CWE-918"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0766"], "modified": "2022-03-11T17:08:00", "cpe": [], "id": "CVE-2022-0766", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0766", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "veracode": [{"lastseen": "2023-04-18T05:57:33", "description": "calibreweb is vulnerable to server-side request forgery. The vulnerability exists in `_delete_user` function of `admin.py` due to lack of validation which allows an attacker to fetch localhost URL and upload a book cover.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-31T21:39:17", "type": "veracode", "title": "Server-Side Request Forgery (SSRF)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0339"], "modified": "2022-03-17T18:58:54", "id": "VERACODE:33972", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-33972/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "github": [{"lastseen": "2023-12-02T17:28:23", "description": "calibreweb prior to version 0.6.16 contains a Server-Side Request Forgery (SSRF) vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-01T00:48:54", "type": "github", "title": "Server-Side Request Forgery in calibreweb", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0339"], "modified": "2023-02-03T05:05:34", "id": "GHSA-4W8P-X6G8-FV64", "href": "https://github.com/advisories/GHSA-4w8p-x6g8-fv64", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "huntr": [{"lastseen": "2023-10-30T15:23:05", "description": "# Title\nBlind SSRF via URL fetch\n\n# Summary\n`calibre-web` allows external URL fetching in order to upload a book cover. However, instead of external URL it is possible to point to localhost, which will be reached resulting in blind SSRF.\n\n # Steps to reproduce\n1. 1\\. As an admin give permissions to upload files and edit books to any staff.\n2. 2\\. As an admin run any server on localhost to see the SSRF.\n3. 3\\. As a malicious staff go to books section -> select any book -> edit metadata -> in the `Fetch Cover from URL` field specify the address of service that you ran as an admin -> save the book.\n4. 4\\. As an admin observe that service on localhost was reached.\n\n# PoC:\nAs a service for PoC I used python simple server - `python -m http.server 1234`.\nAlso you may tunnel `calibre-web` server using `ngrok` - `ngrok http 1234` - to prove that it is exploitable in real environment (I already did, just wanted to make video PoC as short as possible).\n[Video PoC](https://www.youtube.com/watch?v=qU3IJme84Mg)\n\n# Impact\nThis vulnerability is capable of port scanning and even may execute some actions on victim's side in case there are sensitive services on localhost.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-20T11:47:34", "type": "huntr", "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web", "bulletinFamily": "bugbounty", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0339"], "modified": "2022-01-22T16:12:37", "id": "499688C4-6AC4-4047-A868-7922C3EAB369", "href": "https://www.huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-30T15:22:55", "description": "# Description\nBypass of this report: [https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369/](https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369/)\n\n # Proof of Concept\nBlacklist does not check for `0.0.0.0`\n\n**PAYLOAD:** `http://0.0.0.0`\n\nThis payload will be resolved to `localhost`\n\n```python\n>>> import socket\n>>> from urllib.parse import urlparse\n>>> PAYLOAD = 'http://0.0.0.0'\n>>> socket.getaddrinfo(urlparse(PAYLOAD).hostname, 0)[0][4][0]\n'0.0.0.0'\n```\n\n\n# Impact\nSSRF", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-21T17:48:42", "type": "huntr", "title": "Server-Side Request Forgery (SSRF)", "bulletinFamily": "bugbounty", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0766"], "modified": "2022-02-26T06:59:33", "id": "7F2A5BB4-E6C7-4B6A-B8EB-FACE9E3ADD7B", "href": "https://www.huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-30T15:22:48", "description": "# Description\nThe fix(es) for CVE-2022-0767 & CVE-2022-0766 only address loopback/localhost IP addresses, this is an issue as other internal endpoints may be accessible to an attacker (one of the most popular examples is ``169.254.169.254`` which is the [AWS metadata address](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html))\n\n # Proof of Concept\nThe same as either of the previous reports except the IP address being used should be an internal (but not local/loopback) address (e.g., the aforementioned ``169.254.169.254``.\n\n# Impact\nThis vulnerability is capable of allowing attackers to interact with devices (or applications) running on the same network as the targeted server.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-03-09T19:06:05", "type": "huntr", "title": "Server-Side Request Forgery (SSRF)", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0766", "CVE-2022-0767", "CVE-2022-0990"], "modified": "2022-03-15T17:46:12", "id": "31649903-C19C-4DAE-AEE0-A04B095855C5", "href": "https://www.huntr.dev/bounties/31649903-c19c-4dae-aee0-a04b095855c5/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "prion": [{"lastseen": "2023-11-20T23:16:58", "description": "Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-30T14:15:00", "type": "prion", "title": "Server side request forgery (ssrf)", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0339"], "modified": "2022-03-17T16:16:00", "id": "PRION:CVE-2022-0339", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-0339", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:17:40", "description": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-07T07:15:00", "type": "prion", "title": "Server side request forgery (ssrf)", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0766"], "modified": "2022-03-11T17:08:00", "id": "PRION:CVE-2022-0766", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-0766", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
Server-Side Request Forgery in calibreweb
