Home > Vulnerability Database > CVE-2022-44941

Mend.io Vulnerability Database

CVE-2022-44941

Date: November 7, 2022

A full read SSRF vulnerability was found in avatar upload in casdoor before 1.136.0. URLs for avatar upload are not restricted in any way. The attacker can set this to an arbitrary internal URL, eg. cloud metadata endpoint and the server will fetch it and store it on the server.

Language: Go

Severity Score

8.8

Related Resources (4)

Url: https://github.com/casdoor/casdoor/commit/107d85ec5b74290c5fc81c4363cc63e832bb67fa

Url: https://github.com/casdoor/casdoor/issues/1187

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-44941

Url: https://www.mend.io/vulnerability-database/CVE-2022-44941

Severity Score

8.8

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-44941

Date: November 7, 2022

Language: Go

Severity Score

Related Resources (4)

Severity Score

CVSS v3.1

Do you need more information?