CVE-2022-23464

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nepxion:discovery:*:*:*:*:*:spring_cloud:*:*

History

28 Sep 2022, 15:39

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
First Time		Nepxion discovery Nepxion
CPE		cpe:2.3:a:nepxion:discovery::::::spring_cloud::*
References	~~(MISC) https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/ -~~	(MISC) https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/ - Exploit, Third Party Advisory

24 Sep 2022, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-24 05:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-23464

Mitre link : CVE-2022-23464

CVE.ORG link : CVE-2022-23464

JSON object : View

Products Affected

nepxion

discovery

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2022-23464", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-09-24T05:15:08.837", "references": [{"url": "https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate\u2019s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds."}, {"lang": "es", "value": "Nepxion Discovery es una soluci\u00f3n para Spring Cloud. Discovery es vulnerable a un potencial ataque de tipo Server-Side Request Forgery (SSRF). RouterResourceImpl usa getForEntity de RestTemplate para recuperar el contenido de una URL que contiene entradas controladas por el usuario, resultando potencialmente en una Divulgaci\u00f3n de Informaci\u00f3n. En el momento de la publicaci\u00f3n no se presenta ning\u00fan parche disponible para este problema. No se presentan mitigaciones conocidas.\n"}], "lastModified": "2022-09-28T15:39:55.150", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nepxion:discovery:*:*:*:*:*:spring_cloud:*:*", "vulnerable": true, "matchCriteriaId": "E03F780C-9027-47FD-9114-495628B1CF42", "versionEndIncluding": "6.16.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}