CVE-2022-31196

{"id": "CVE-2022-31196", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 2.8}]}, "published": "2022-09-02T20:15:08.440", "references": [{"url": "https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/vran-dev/databasir/releases/tag/v1.0.7", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/vran-dev/databasir/security/advisories/GHSA-qvg8-427f-852q", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7."}, {"lang": "es", "value": "Databasir es una plataforma de administraci\u00f3n de metadatos de bases de datos. Databasir versiones anteriores a 1.06 incluy\u00e9ndola, presenta una vulnerabilidad de tipo Server-Side Request Forgery (SSRF). La SSRF es desencadenada mediante el env\u00edo de una **sola** petici\u00f3n HTTP POST para crear una base de datosType. Al suministrar un \"jdbcDriverFileUrl\" que devuelve un c\u00f3digo de respuesta que no es \"200\", la url es ejecutada, la respuesta es registrada (tanto en el terminal como en la base de datos) y es incluido en la respuesta. Esto permitir\u00eda a un atacante obtener la direcci\u00f3n IP real y escanear la informaci\u00f3n de la Intranet. Este problema fue corregido en versi\u00f3n 1.0.7"}], "lastModified": "2022-09-08T03:30:34.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:databasir:databasir:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CFB6810-D4F4-428F-B799-30955E9B3D0F", "versionEndExcluding": "1.0.7"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}