CVE-2022-23464

Опубликовано: 24 сент. 2022

Источник: nvd

CVSS3: 4.3

CVSS3: 7.5

EPSS Низкий

Описание

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds.

Ссылки

https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/
Exploit
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nepxion:discovery:*:*:*:*:*:spring_cloud:*:*

Версия до 6.16.2 (включая)

EPSS

Процентиль: 30%

0.00112

Низкий

4.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-hhxh-qphc-v423

CVSS3: 4.3

github

больше 3 лет назад

Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery

EPSS

Процентиль: 30%

0.00112

Низкий

4.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-918