PT-2022-15829 · Recipes · Recipes

Published

2022-06-19

Updated

2022-06-28

CVE-2022-23071

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Recipes versions 0.9.1 through 1.2.5

Description The issue concerns Server Side Request Forgery (SSRF) in the "Import Recipe" functionality. When an attacker enters the localhost URL, a low-privileged attacker can access or read the internal file system to obtain sensitive information.

Recommendations For versions 0.9.1 through 1.2.5, consider disabling the "Import Recipe" functionality until a patch is available to prevent exploitation. Restrict access to the internal file system to minimize the risk of sensitive information disclosure.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2022-23071

Affected Products

Recipes

PT-2022-15829 · Recipes · Recipes

CVE-2022-23071

Weakness Enumeration

Related Identifiers

Affected Products

References · 6