CVE-2022-23464

CVSS v3.1 7.5 (High)

EPSS 0.21 % (59^th)

Affected Products 1

Advisories 1

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds.

Weaknesses

CWE-918: Server-Side Request Forgery (SSRF)

CVE Status: PUBLISHED
CNA: GitHub, Inc.
Published Date: 2022-09-24 05:15:08
(2 years ago)
Updated Date: 2022-09-28 15:39:55
(2 years ago)

Affected Products

Nepxion

Discovery

Configuration #1

		CPE23	From	Up To
	Nepxion Discovery for Spring Cloud 6.16.2 and prior versions	cpe:2.3:a:nepxion:discovery::::::spring_cloud		<= 6.16.2