CVE-2022-22702
on github
Published
Severity
CVSS v3:
4.3 MEDIUM
CVSS v2:
4 MEDIUM
Description
PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:partkeepr:partkeepr:*:*:*:*:*:*:*:* | n/a | 1.4.0 (including) | * |