Lucene search

GoogleOSV:CVE-2022-2339

HistoryJul 07, 2022 - 4:15 a.m.

CVE-2022-2339

2022-07-0704:15:11

Google

osv.dev

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

50.4%

JSON

With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it’s contents. This attack can lead to leak of sensitive information.

CPENameOperatorVersion
nocodbeq0.10.2
nocodbeq0.84.15
nocodbeq0.11.16
nocodbeq0.11.46
nocodbeq0.83.4
nocodbeq0.11.3
nocodbeq0.91.8
nocodbeq0.10.6
nocodbeq0.11.25
nocodbeq0.11.12

Name	Operator	Version
nocodb	eq	0.10.2
nocodb	eq	0.84.15
nocodb	eq	0.11.16
nocodb	eq	0.11.46
nocodb	eq	0.83.4
nocodb	eq	0.11.3
nocodb	eq	0.91.8
nocodb	eq	0.10.6
nocodb	eq	0.11.25
nocodb	eq	0.11.12

Rows per page:

1-10 of 961

References

github.com/nocodb/nocodb/commit/000ecd886738b965b5997cd905825e3244f48b95

huntr.dev/bounties/fff06de8-2a82-49b1-8e81-968731e87eef

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

50.4%

JSON

Related for OSV:CVE-2022-2339