CVE-2022-23071

CVE-2022-23071: Recipes - SSRF on Import

Vendor Recipes

Product recipes

Weakness CWE-918 · SSRF

Published June 19, 2022

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read the internal file system to access sensitive information.

Key dates

02Disclosure timeline

June 19, 2022 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-23071 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

Identifiers

CVE CVE-2022-23071

CWE CWE-918

Affected versions

Vendor Recipes

Product recipes

Affected ≥ 0.9.1 and < unspecified

Vendor Recipes

Product recipes

Affected ≥ unspecified and ≤ 1.2.5

CVE-2022-23071: Recipes - SSRF on Import

01Description

02Disclosure timeline

03References

04Related CVE