Home > Vulnerability Database > CVE-2022-1379

Mend.io Vulnerability Database

CVE-2022-1379

Good to know:

Date: May 14, 2022

URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers.

Language: Java

Severity Score

9.1

Related Resources (6)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4DP36G2VBOZUNQIUZ5LVJKZIVO4SDAI/

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-1379

Url: https://github.com/plantuml/plantuml/commit/93e5964e5f35914f3f7b89de620c596795550083

Url: https://huntr.dev/bounties/0d737527-86e1-41d1-9d37-b2de36bc063a

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHUE4G5CAJUD7L2QPJF6U4JYQTP7CNNL/

Url: https://www.mend.io/vulnerability-database/CVE-2022-1379

Severity Score

9.1

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version net.sourceforge.plantuml:plantuml:v1.2022.5

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	6.4
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-1379

Good to know:

Date: May 14, 2022

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?