Server-Side Request Forgery in Gibbon by Amro
CVE-2022-27311

9.8CRITICAL

Key Information:

Vendor

Gibbon Project

Status
Gibbon
Vendor
CVE Published:
25 April 2022

What is CVE-2022-27311?

Gibbon versions 3.4.4 and below are susceptible to a Server-Side Request Forgery (SSRF) vulnerability, which can be exploited by attackers through specially crafted URLs. This vulnerability can enable malicious actors to trigger requests to internal services within the server, potentially leading to information disclosure or further exploitation. Users of affected versions are advised to upgrade to the latest patched versions to mitigate these risks.

References

https://github.com/amro/gibbon/pull/321
x_refsource_MISC
https://github.com/amro/gibbon/commit/b2eb99ed304d7491a6d...
x_refsource_MISC
https://github.com/amro/gibbon/commit/cade20ca2438cd1b182...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.