CVE-2021-22255

Опубликовано: 20 авг. 2021

Источник: nvd

CVSS3: 7.7

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address.

Ссылки

https://baserow.io/blog/march-2021-release-of-baserow
Release Notes
Vendor Advisory
https://gitlab.com/bramw/baserow/-/issues/370
Issue Tracking
Patch
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22255.json
Third Party Advisory
https://baserow.io/blog/march-2021-release-of-baserow
Release Notes
Vendor Advisory
https://gitlab.com/bramw/baserow/-/issues/370
Issue Tracking
Patch
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22255.json
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:baserow:baserow:*:*:*:*:*:*:*:*

Версия от 0.6.0 (включая) до 1.1.0 (исключая)

EPSS

Процентиль: 44%

0.00215

Низкий

7.7 High

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-h2jg-46xv-c74w

github

больше 3 лет назад

SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address.

EPSS

Процентиль: 44%

0.00215

Низкий

7.7 High

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-918