Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-09-02T19:45:13
Updated: 2024-08-03T07:11:39.683Z
Reserved: 2022-05-18T00:00:00
Link: CVE-2022-31196
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-09-02T20:15:08.440
Modified: 2024-11-21T07:04:06.180
Link: CVE-2022-31196
Redhat
No data.