VDB
CVE-2022-35949
CVE-2022-35949
PUBLISHED
CVSS 8.699999809265137 HIGH
In Red Hat Enterprise Linux besteht eine Schwachstelle im Advanced Cluster Management, die bisher noch nicht im Detail beschrieben und veröffentlicht wurde. Der Fehler besteht in der Komponente undici aufgrund einer Server-Side Request Forgery (SSRF). Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen.
EPSS 0.39% · 60.4th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:L/SA:N
EPSS Score
0.39%
60.4th percentile
Exploit Intelligence
- https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3 (nist-nvd)
- [CVE-2022-35949]: undici.request vulnerable to SSRF using absolute / protocol-relative URL on pathname (hackerone)
- [CVE-2022-35949]: undici.request vulnerable to SSRF using absolute / protocol-relative URL on pathname (hackerone)
- [CVE-2022-35949]: undici.request vulnerable to SSRF using absolute / protocol-relative URL on pathname (hackerone)
- https://github.com/nodejs/undici/commit/124f7ebf705366b2e1844dff721928d270f87895 (circl)
- https://github.com/nodejs/undici/releases/tag/v5.8.2 (circl)
Timeline
- CVE Published
- Aug 13, 2022 EPSS Score
- Sep 23, 2022 PoC Published
- Sep 28, 2022 EPSS Score
- Nov 13, 2022 EPSS Score
- Dec 29, 2022 EPSS Score
- Feb 13, 2023 EPSS Score
- Mar 31, 2023 EPSS Score
- May 16, 2023 EPSS Score
- Jul 1, 2023 EPSS Score
- Aug 17, 2023 EPSS Score
- Oct 2, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1933.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1933 advisory
- https://access.redhat.com/errata/RHSA-2023:3645 advisory
- https://access.redhat.com/errata/RHSA-2022:7276 advisory
- https://access.redhat.com/errata/RHSA-2022:7313 advisory