Server-Side Request Forgery (SSRF) in kareadita/kavita
CVE-2022-2756

7.1HIGH

Key Information:

Vendor: Kareadita
Status: Kareadita/kavita
Vendor: CVE Published:; 10 August 2022

🔔 Create Kareadita Vulnerability Alert

What is CVE-2022-2756?

Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.

Affected Version(s)

kareadita/kavita < 0.5.4.1

References

https://huntr.dev/bounties/95e7c181-9d80-4428-aebf-687ac5...

x_refsource_CONFIRM

https://github.com/kareadita/kavita/commit/9c31f7e7c81b91...

x_refsource_MISC

EPSS Score

53% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2022
Vulnerability Reserved
Aug 10, 2022

CVE-2022-2756 Data

JSON