PT-2023-13981 · Unknown · Openrefine

Ixsly

Published

2023-08-04

Updated

2023-08-08

CVE-2022-41401

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenRefine versions 3.5.2 and earlier

Description The issue allows unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure due to a Server-Side Request Forgery (SSRF) vulnerability.

Recommendations For OpenRefine versions 3.5.2 and earlier, update to a version later than 3.5.2 to resolve the issue. As a temporary workaround, consider restricting access to internal resources to minimize the risk of exploitation.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2022-41401

GHSA-Q7MC-FC87-V7W7

Affected Products

Openrefine

PT-2023-13981 · Unknown · Openrefine

CVE-2022-41401

Weakness Enumeration

Related Identifiers

Affected Products

References · 14