admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 13:36:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-15xx/CVE-2022-1561.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

129 lines
4.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-1561",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2022-08-01T13:15:09.810",
"lastModified": "2022-08-08T13:24:19.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The vulnerability does not affect KrakenD itself, but the consumed backend might be vulnerable."
},
{
"lang": "es",
"value": "Lura y KrakenD-CE versiones anteriores a v2.0.2 y KrakenD-EE versiones anteriores a v2.0.0, no sanean los par\u00e1metros de la URL, lo que permite a un usuario malicioso alterar la URL del backend definida para una tuber\u00eda cuando los usuarios remotos env\u00edan peticiones de URL astutas. La vulnerabilidad no afecta al propio KrakenD, pero el backend consumido podr\u00eda ser vulnerable"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-471"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:krakend:krakend:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "2.0.0",
"matchCriteriaId": "3A6E0144-4F80-47D1-800E-809580D1C525"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:krakend:krakend:*:*:*:*:community:*:*:*",
"versionEndIncluding": "2.0.2",
"matchCriteriaId": "55A063F9-8673-4B66-900F-A3B19E06777A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:luraproject:lura:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.2",
"matchCriteriaId": "E961C753-02DB-473E-9D24-6B9B400B8AE9"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/crafted-backend-urls-lura-project",
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.krakend.io/blog/cve-2022-1561-crafted-backend-urls/",
"source": "cve-coordination@incibe.es",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink