PT-2022-4349 · Mod Wsgi+10

Arseniy Sharoglazov · Published 2022-07-18 · Updated 2025-05-13 · CVE-2022-2255

CVSS v4.0: 8.7 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

mod_wsgi (affected versions not specified)

Description

mod_wsgi mishandles the X-Client-IP request header. The condition that should remove the header when a request comes from an untrusted proxy is missing, so an attacker can pass X-Client-IP through to the target WSGI application. Exploitation of this issue may enable a remote attacker to gain unauthorized access to network services.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
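
An application-side guard for the behaviour described above, as an added example (not mod_wsgi code and not a vendor fix): a WSGI middleware that discards X-Client-IP unless the directly connected peer is a configured proxy. The class name, the `TRUSTED_PROXIES` range, the demo app and the `call` helper are assumptions made for this example.

```python
import ipaddress

# Assumption for this example: the only proxies allowed to assert a client IP.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]  # constructed sample value

# CGI-style environ key that carries the X-Client-IP request header.
CLIENT_IP_KEYS = ("HTTP_X_CLIENT_IP",)


def peer_is_trusted(remote_addr, trusted=TRUSTED_PROXIES):
    """True only if the directly connected peer is a configured proxy."""
    try:
        peer = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False  # missing or malformed REMOTE_ADDR is never trusted
    return any(peer in net for net in trusted)


class StripUntrustedClientIP:
    """Hypothetical WSGI middleware: drop X-Client-IP from untrusted peers."""

    def __init__(self, app, trusted=TRUSTED_PROXIES, keys=CLIENT_IP_KEYS):
        self.app = app
        self.trusted = list(trusted)
        self.keys = tuple(keys)

    def __call__(self, environ, start_response):
        if not peer_is_trusted(environ.get("REMOTE_ADDR", ""), self.trusted):
            for key in self.keys:
                environ.pop(key, None)  # the app never sees the header
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Constructed sample app that reports the client IP it would act on."""
    seen = environ.get("HTTP_X_CLIENT_IP", environ.get("REMOTE_ADDR", ""))
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [seen.encode()]


def call(app, remote_addr, x_client_ip=None):
    """Invoke a WSGI app with a minimal constructed environ; return the body."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", "REMOTE_ADDR": remote_addr}
    if x_client_ip is not None:
        environ["HTTP_X_CLIENT_IP"] = x_client_ip
    return b"".join(app(environ, lambda status, headers: None)).decode()
```

Access-control decisions in the application should still be based on `REMOTE_ADDR` or on a header that only the trusted proxy tier can set.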

Exploit

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

ALSA-2025:4791
ALT-PU-2022-2741
ALT-PU-2023-7563
ALT-PU-2024-2024
ALT-PU-2024-6810
AZL-10734
BDU:2022-05209
BIT-MOD_WSGI-2022-2255
CESA-2025_4791
CVE-2022-2255
DLA-3111-1
GHSA-7527-8855-9CF8
INFSA-2025_4791
MGASA-2022-0289
OESA-2022-1827
OPENSUSE-SU-2022_4010-1
OPENSUSE-SU-2022_4488-1
OPENSUSE-SU-2024:12535-1
PYSEC-2022-254
RHSA-2025:4791
RHSA-2025_4791
SUSE-SU-2022:4010-1
SUSE-SU-2022:4013-1
SUSE-SU-2022:4488-1
SUSE-SU-2022_4010-1
SUSE-SU-2022_4013-1
SUSE-SU-2022_4488-1
USN-5551-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Mod Wsgi