Server-Side Request Forgery Vulnerability in OpenRefine by OpenRefine
CVE-2022-41401

6.5MEDIUM

Key Information:

Vendor: Openrefine
Status: Openrefine
Vendor: CVE Published:; 4 August 2023

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2022-41401?

OpenRefine versions prior to 3.5.3 are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. This flaw could enable unauthorized users to craft requests that target internal resources, potentially compromising sensitive data and leading to unauthorized file access. Proper security measures should be taken to mitigate the risks associated with SSRF in your OpenRefine instances.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-41401
Created by ixSly

References

https://github.com/OpenRefine/OpenRefine/blob/30d6edb7b65...

https://github.com/OpenRefine/OpenRefine/blob/cb55cdfdf6f...

https://github.com/ixSly/CVE-2022-41401

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 4, 2023
🟡
Public PoC available
Jul 31, 2023
👾
Exploit known to exist
Jul 31, 2023
Vulnerability Reserved
Sep 26, 2022

Openrefine