PT-2021-14918 · Baserow · Baserow

Bram Wiepjes

Published

2021-08-20

Updated

2021-08-30

CVE-2021-22255

CVSS v3.1

7.7

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Baserow versions prior to 1.1.0

Description: The issue allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address in the URL file upload. This is due to a Server-Side Request Forgery (SSRF) in Baserow.

Recommendations: For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the file upload feature to minimize the risk of exploitation.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2021-22255

Affected Products

Baserow

PT-2021-14918 · Baserow · Baserow

CVE-2021-22255

Weakness Enumeration

Related Identifiers

Affected Products

References · 5