PT-2022-21967 · Oneblog · Oneblog
Qumh · Published 2022-06-23 · Updated 2022-06-29 · CVE-2022-34011
CVSS v3.1: 4.3 Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OneBlog version 2.3.4
Description
A Server-Side Request Forgery (SSRF) issue was discovered, which can be exploited via the entryUrls parameter. This allows an attacker to forge requests from the server, potentially leading to unauthorized access to internal resources.
Recommendations
For OneBlog version 2.3.4, as a temporary workaround, consider restricting access to the entryUrls parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Oneblog