CVE-2022-31196 - OpenCVE

Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Databasir	Databasir

Configuration 1 [-]

cpe:2.3:a:databasir:databasir:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058
https://github.com/vran-dev/databasir/releases/tag/v1.0.7
https://github.com/vran-dev/databasir/security/advisories/GHSA-qvg8-427f-852q

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-09-02T19:45:13

Updated: 2024-08-03T07:11:39.683Z

Reserved: 2022-05-18T00:00:00

Link: CVE-2022-31196

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-02T20:15:08.440

Modified: 2022-09-08T03:30:34.267

Link: CVE-2022-31196

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "databasir", "vendor": "vran-dev", "versions": [{"status": "affected", "version": "< 1.0.7"}]}], "descriptions": [{"lang": "en", "value": "Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-02T19:45:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vran-dev/databasir/security/advisories/GHSA-qvg8-427f-852q"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/vran-dev/databasir/releases/tag/v1.0.7"}], "source": {"advisory": "GHSA-qvg8-427f-852q", "discovery": "UNKNOWN"}, "title": "Server-Side Request Forgery (SSRF) vulnerability in Databasir", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31196", "STATE": "PUBLIC", "TITLE": "Server-Side Request Forgery (SSRF) vulnerability in Databasir"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "databasir", "version": {"version_data": [{"version_value": "< 1.0.7"}]}}]}, "vendor_name": "vran-dev"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-918: Server-Side Request Forgery (SSRF)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/vran-dev/databasir/security/advisories/GHSA-qvg8-427f-852q", "refsource": "CONFIRM", "url": "https://github.com/vran-dev/databasir/security/advisories/GHSA-qvg8-427f-852q"}, {"name": "https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058", "refsource": "MISC", "url": "https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058"}, {"name": "https://github.com/vran-dev/databasir/releases/tag/v1.0.7", "refsource": "MISC", "url": "https://github.com/vran-dev/databasir/releases/tag/v1.0.7"}]}, "source": {"advisory": "GHSA-qvg8-427f-852q", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:11:39.683Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/vran-dev/databasir/security/advisories/GHSA-qvg8-427f-852q"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/vran-dev/databasir/releases/tag/v1.0.7"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-31196", "datePublished": "2022-09-02T19:45:13", "dateReserved": "2022-05-18T00:00:00", "dateUpdated": "2024-08-03T07:11:39.683Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:databasir:databasir:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CFB6810-D4F4-428F-B799-30955E9B3D0F", "versionEndExcluding": "1.0.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7."}, {"lang": "es", "value": "Databasir es una plataforma de administraci\u00f3n de metadatos de bases de datos. Databasir versiones anteriores a 1.06 incluy\u00e9ndola, presenta una vulnerabilidad de tipo Server-Side Request Forgery (SSRF). La SSRF es desencadenada mediante el env\u00edo de una **sola** petici\u00f3n HTTP POST para crear una base de datosType. Al suministrar un \"jdbcDriverFileUrl\" que devuelve un c\u00f3digo de respuesta que no es \"200\", la url es ejecutada, la respuesta es registrada (tanto en el terminal como en la base de datos) y es incluido en la respuesta. Esto permitir\u00eda a un atacante obtener la direcci\u00f3n IP real y escanear la informaci\u00f3n de la Intranet. Este problema fue corregido en versi\u00f3n 1.0.7"}], "id": "CVE-2022-31196", "lastModified": "2022-09-08T03:30:34.267", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-09-02T20:15:08.440", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/vran-dev/databasir/releases/tag/v1.0.7"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/vran-dev/databasir/security/advisories/GHSA-qvg8-427f-852q"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}