CVE-2022-23071 Recipes - SSRF on Import

2022-06-1910:15:14

CWE-918

Mend

www.cve.org

cve-2022-23071

recipes

ssrf

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

30.4%

JSON

In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read the internal file system to access sensitive information.

CNA Affected

[
  {
    "product": "recipes",
    "vendor": "recipes",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "0.9.1",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.2.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]