Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistApacheCVELIST:CVE-2022-23206
HistoryFeb 06, 2022 - 3:15 p.m.

CVE-2022-23206 Server-Side Request Forgery in Traffic Ops endpoint POST /user/login/oauth

2022-02-0615:15:10
CWE-918
apache
www.cve.org

0.001 Low

EPSS

Percentile

36.2%

JSON

In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach.

CNA Affected

[
  {
    "product": "Apache Traffic Control",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "changes": [
          {
            "at": "5.1.6",
            "status": "unaffected"
          }
        ],
        "lessThan": "6.1.0",
        "status": "affected",
        "version": "Traffic Ops",
        "versionType": "custom"
      }
    ]
  }
]

Related

cnvd 1
github 1
gitlab 2
osv 2
nvd 1
prion 1
cve 1
cnvd
cnvd
Apache Traffic Control code issue vulnerability
2022-02-09 00:00:00
github
github
Server-Side Request Forgery in Apache Traffic Control
2022-02-07 00:00:23
gitlab
gitlab
Server-Side Request Forgery (SSRF)
2022-02-07 00:00:00
Server-Side Request Forgery (SSRF)
2022-02-06 00:00:00
osv
osv
Server-Side Request Forgery in Apache Traffic Control
2022-02-07 00:00:23
CVE-2022-23206
2022-02-06 16:15:07
nvd
nvd
CVE-2022-23206
2022-02-06 16:15:07
prion
prion
Design/Logic Flaw
2022-02-06 16:15:00
cve
cve
CVE-2022-23206
2022-02-06 16:15:07

0.001 Low

EPSS

Percentile

36.2%

JSON
Related for CVELIST:CVE-2022-23206
cnvd1github1gitlab2osv2nvd1prion1cve1