CVE-2022-44941
Date: November 7, 2022
A full-read SSRF vulnerability was found in the avatar upload feature of casdoor before 1.136.0. URLs for avatar upload are not restricted in any way. An attacker can set the avatar URL to an arbitrary internal URL, e.g. a cloud metadata endpoint, and the server will fetch it and store it on the server.
Language: Go
Severity Score
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |
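
The missing restriction described above, sketched as a destination check run before the server fetches a user-supplied avatar URL. This is an added example, not casdoor's code or its actual fix; `checkAvatarURL`, `isInternal`, `sampleLookup` and the hostnames and addresses in the lookup table are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)

// isInternal reports whether ip is an address the server must not fetch on a user's behalf.
func isInternal(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() || ip.IsLinkLocalUnicast() || ip.IsMulticast()
}

// checkAvatarURL (hypothetical helper) validates a user-supplied avatar URL.
// lookup is injected so the example runs offline; real code would pass net.LookupIP.
func checkAvatarURL(raw string, lookup func(string) ([]net.IP, error)) error {
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
		return errors.New("avatar URL must be a well-formed http(s) URL")
	}
	host := u.Hostname()
	ips := []net.IP{net.ParseIP(host)}
	if ips[0] == nil { // not an IP literal, so resolve the name
		if ips, err = lookup(host); err != nil || len(ips) == 0 {
			return fmt.Errorf("cannot resolve %q", host)
		}
	}
	for _, ip := range ips { // reject if ANY record points inside
		if isInternal(ip) {
			return fmt.Errorf("%q maps to internal address %s", host, ip)
		}
	}
	return nil
}

// sampleLookup is a constructed resolver table standing in for DNS.
func sampleLookup(host string) ([]net.IP, error) {
	table := map[string]string{"cdn.example.com": "203.0.113.10", "intranet.example.com": "10.0.0.5"}
	if a, ok := table[host]; ok {
		return []net.IP{net.ParseIP(a)}, nil
	}
	return nil, errors.New("no such host")
}

func main() {
	for _, u := range []string{"https://cdn.example.com/a.png", "http://169.254.169.254/", "http://intranet.example.com/x"} {
		fmt.Printf("%-32s -> %v\n", u, checkAvatarURL(u, sampleLookup))
	}
}
```

A check-then-fetch design still has to connect to the address that was validated and re-run the check on every redirect; otherwise a second DNS answer or a 3xx response can steer the fetch back to an internal host.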