exploitDog

CVE-2022-25801

Опубликовано: 14 июл. 2022

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools.

Ссылки

https://docs.bestpractical.com/release-notes/rtir/4.0.3
Patch
Release Notes
Vendor Advisory
https://docs.bestpractical.com/release-notes/rtir/5.0.3
Patch
Release Notes
Vendor Advisory
https://docs.bestpractical.com/release-notes/rtir/index.html
Release Notes
Vendor Advisory
https://docs.bestpractical.com/release-notes/rtir/4.0.3
Patch
Release Notes
Vendor Advisory
https://docs.bestpractical.com/release-notes/rtir/5.0.3
Patch
Release Notes
Vendor Advisory
https://docs.bestpractical.com/release-notes/rtir/index.html
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bestpractical:request_tracker_for_incident_response:*:*:*:*:*:*:*:*

Версия до 4.0.3 (исключая)

cpe:2.3:a:bestpractical:request_tracker_for_incident_response:*:*:*:*:*:*:*:*

Версия от 5.0.0 (включая) до 5.0.3 (исключая)

EPSS

Процентиль: 54%

0.00312

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-j59r-m36g-g64f

CVSS3: 9.1

github

больше 3 лет назад

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools.

EPSS

Процентиль: 54%

0.00312

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-918