2 matches found
CVE-2022-35508
Proxmox CVE-2022-35508 enables SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon, exploitable by an unprivileged user to disclose server files. In Proxmox Mail Gateway, there is also a privilege escalation route to root@pam if backup artifacts were used, because pmg-backup...
CVE-2022-35508
Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG are vulnerable to SSRF when proxying HTTP requests between pvepmgproxy and pvepmgdaemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox...