Charm vulnerable to server-side request forgery (SSRF)
CVE-2022-29180

5.9MEDIUM

Key Information:

Vendor: Charmbracelet
Status: Charm
Vendor: CVE Published:; 7 May 2022

🔔 Create Charmbracelet Vulnerability Alert

What is CVE-2022-29180?

A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This vulnerability was found in-house and we haven't been notified of any potential exploiters. ### Additional notes * Encrypted user data uploaded to the Charm server is safe as Charm servers cannot decrypt user data. This includes filenames, paths, and all key-value data. * Users running the official Charm Docker images are at minimal risk because the exploit is limited to the containerized filesystem.

Affected Version(s)

charm >= 0.9.0, < 0.12.1

References

https://github.com/charmbracelet/charm/security/advisorie...

x_refsource_CONFIRM

https://github.com/charmbracelet/charm/commit/3c90668f955...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2022
Vulnerability Reserved
Apr 13, 2022

CVE-2022-29180 Data

JSON