Lucene search
GoogleOSV:GHSA-WP47-9R3H-XFGQHistoryFeb 07, 2022 - 12:00 a.m.
Server-Side Request Forgery in Apache Traffic Control
2022-02-0700:00:23
Google
osv.dev
9
0.001 Low
EPSS
Percentile
36.2%
In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/apache/trafficcontrol | lt | 6.1.0 | |
| github.com/apache/trafficcontrol | ge | 6.0.0 | |
| github.com/apache/trafficcontrol | lt | 5.1.6 |
Related
osv
osv
CVE-2022-23206
2022-02-06 16:15:07
gitlab
gitlab
Server-Side Request Forgery (SSRF)
2022-02-06 00:00:00
Server-Side Request Forgery (SSRF)
2022-02-07 00:00:00
nvd
nvd
CVE-2022-23206
2022-02-06 16:15:07
cnvd
cnvd
Apache Traffic Control code issue vulnerability
2022-02-09 00:00:00
cvelist
cvelist
github
github
Server-Side Request Forgery in Apache Traffic Control
2022-02-07 00:00:23
prion
prion
Design/Logic Flaw
2022-02-06 16:15:00
cve
cve
CVE-2022-23206
2022-02-06 16:15:07