CVE-2022-1592 CRITICAL

CVE-2022-1592: Server-Side Request Forgery in scout in clinical-genomics/scout

Vendor Clinical-Genomics

Product clinical-genomics/scout

Weakness CWE-918 · SSRF

Published May 5, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

9.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...

Key dates

02Disclosure timeline

May 5, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1592

Related vulnerabilities

Identifiers

CVE CVE-2022-1592

CWE CWE-918

CVSS 9.4 / CRITICAL

Affected versions