PT-2023-13981 · Unknown · Openrefine
Ixsly
·
Publicado
2023-08-04
·
Atualizado
2023-08-08
·
CVE-2022-41401
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenRefine versions 3.5.2 and earlier
Description
The issue allows unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure due to a Server-Side Request Forgery (SSRF) vulnerability.
Recommendations
For OpenRefine versions 3.5.2 and earlier, update to a version later than 3.5.2 to resolve the issue.
As a temporary workaround, consider restricting access to internal resources to minimize the risk of exploitation.
Exploit
Correção
SSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openrefine