QwikSec

Security Database

CVE

CWE

Training

CVE-2022-23071

Published: Jun 19, 2022

Modified: Sep 17, 2024

PUBLISHED

Description

In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read the internal file system to access sensitive information.

Vendor	Product	Versions
recipes	recipes	affected `0.9.1 - < unspecified` affected `unspecified - <= 1.2.5`

Weaknesses (CWE)

References

https://www.mend.io/vulnerability-database/CVE-2022-23071

x_refsource_MISC

https://github.com/TandoorRecipes/recipes/commit/d48fe26a3529cc1ee903ffb2758dfd8f7efaba8c

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.