CVE-2022-23464 MEDIUM

CVE-2022-23464: Potential Server Side Request Forgery (SSRF) in Nepxion Discovery

Vendor Nepxion

Product Discovery

Weakness CWE-918 · SSRF

Published September 24, 2022

Last update April 22, 2025

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds.

Key dates

02Disclosure timeline

September 24, 2022 CVE published

April 22, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-23464

Related vulnerabilities

CVE-2022-23464: Potential Server Side Request Forgery (SSRF) in Nepxion Discovery

01Description

02Disclosure timeline

03References

04Related CVE