daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2022/CVE-2022-2756.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-04-13 11:52:59 -04:00
parent eb6c935f55
commit 899d92d126
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
cves/2022/CVE-2022-2756.yaml
View File

@ -1,17 +1,17 @@
id: CVE-2022-2756
info:
name: Kavita <= 0.5.4 - Server-Side Request Forgery
name: Kavita <0.5.4.1 - Server-Side Request Forgery
author: theamanrawat
severity: medium
description: |
Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.
Kavita before 0.5.4.1 is susceptible to server-side request forgery in GitHub repository kareadita/kavita. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference:
- https://huntr.dev/bounties/95e7c181-9d80-4428-aebf-687ac55a9216/
- https://github.com/kareadita/kavita
- https://nvd.nist.gov/vuln/detail/CVE-2022-2756
- https://github.com/kareadita/kavita/commit/9c31f7e7c81b919923cb2e3857439ec0d16243e4
remediation: Fixed in 0.5.4.1
- https://nvd.nist.gov/vuln/detail/CVE-2022-2756
remediation: Fixed in 0.5.4.1.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cvss-score: 6.5
@ -76,3 +76,5 @@ requests:
group: 1
regex:
- 'coverupload.(.*?).png'
# Enhanced by md on 2023/04/13