CVE-2022-1592 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-1592

CVE-2022-1592

May 05, 2022

Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...

Affected Packages

scout-browser (PYTHON):

Affected version(s) >=1.2.0b1 <4.52

Fix Suggestion:

Update to version 4.52

Related Resources (7)

https://huntr.dev/bounties/352b39da-0f2e-415a-9793-5480cae8bd27

https://github.com/clinical-genomics/scout/commit/b0ef15f4737d0c801154c1991b52ff5cab4f5c83

https://github.com/Clinical-Genomics/scout/pull/3326

https://nvd.nist.gov/vuln/detail/CVE-2022-1592

https://github.com/clinical-genomics/scout

https://github.com/Clinical-Genomics/scout/issues/3325

https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1592.json

Do you need more information?

CVSS v4

Base Score:

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

CVSS v2

Base Score:

6.4

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

EPSS

Base Score:

0.21

Products

Solutions

Resources

Company

Compare

Developer Tools