CVE-2022-29153

Risk Scores

Affected Products

Exploit Intelligence

• CIRCL exploited: CVE-2022-29153 (circl-sighting)
• CIRCL seen: CVE-2022-29153 (circl-sighting)
• CIRCL seen: CVE-2022-29153 (circl-sighting)
• CIRCL exploited: CVE-2022-29153 (circl-sighting)
• CIRCL seen: CVE-2022-29153 (circl-sighting)
• https://discuss.hashicorp.com (circl)
• https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393 (circl)
• https://security.netapp.com/advisory/ntap-20220602-0005/ (circl)
• GLSA-202208-09 (circl)
• https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/ (circl)

…and 38 more exploits

Timeline

• Apr 19, 2022 CVE Published
• Apr 19, 2022 PoC Published
• Apr 20, 2022 EPSS Score
• Apr 26, 2023 EPSS Score
• Sep 17, 2023 EPSS Score
• Jan 7, 2024 EPSS Score
• Aug 3, 2024 CVE Updated
• Oct 15, 2024 EPSS Score
• Nov 11, 2024 EPSS Score
• Dec 17, 2024 EPSS Score
• Jan 26, 2025 PoC Published
• Feb 10, 2025 PoC Published

References

• https://discuss.hashicorp.com url
• https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/ url
• https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393 url
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/ url
• https://security.gentoo.org/glsa/202208-09 url
• https://security.netapp.com/advisory/ntap-20220602-0005/ url
• https://nvd.nist.gov/vuln/detail/CVE-2022-29153 url
• Multiples vulnérabilités dans les produits IBM advisory