Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-09-02T19:45:13

Updated: 2024-08-03T07:11:39.683Z

Reserved: 2022-05-18T00:00:00

Link: CVE-2022-31196

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-09-02T20:15:08.440

Modified: 2024-11-21T07:04:06.180

Link: CVE-2022-31196

cve-icon Redhat

No data.