exploitDog

CVE-2022-38580

Опубликовано: 25 окт. 2022

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).

Ссылки

http://packetstormsecurity.com/files/171546/X-Skipper-Proxy-0.13.237-Server-Side-Request-Forgery.html
http://skipper.com
Not Applicable
http://zalando.com
Vendor Advisory
https://gist.github.com/Fadavvi/9fffcfa4aaa9e25b77cfe7b3044b2857#file-cve-2022-38580
Third Party Advisory
https://pastebin.com/dXxpgPAK
Third Party Advisory
http://packetstormsecurity.com/files/171546/X-Skipper-Proxy-0.13.237-Server-Side-Request-Forgery.html
http://skipper.com
Not Applicable
http://zalando.com
Vendor Advisory
https://gist.github.com/Fadavvi/9fffcfa4aaa9e25b77cfe7b3044b2857#file-cve-2022-38580
Third Party Advisory
https://pastebin.com/dXxpgPAK
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zalando:skipper:*:*:*:*:*:*:*:*

Версия до 0.13.237 (исключая)

EPSS

Процентиль: 98%

0.47011

Средний

9.8 Critical

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-f2rj-m42r-6jm2

CVSS3: 9.8

github

больше 3 лет назад

Skipper vulnerable to SSRF via X-Skipper-Proxy

EPSS

Процентиль: 98%

0.47011

Средний

9.8 Critical

CVSS3

Дефекты

CWE-918