Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212.
History

Mon, 16 Sep 2024 19:45:00 +0000

Type Values Removed Values Added
Title The allowedProxyHosts property is not fully honored in ArcGIS Enterprise (10.8.1 and 10.7.1 only) The allowedProxyHosts property is not fully honored in ArcGIS Enterprise (10.8.1 and 10.7.1 only)

cve-icon MITRE

Status: PUBLISHED

Assigner: Esri

Published: 2022-12-30T05:13:00.217381Z

Updated: 2024-09-16T19:41:31.405Z

Reserved: 2022-08-12T00:00:00

Link: CVE-2022-38203

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-12-29T20:15:09.387

Modified: 2024-11-21T07:16:03.280

Link: CVE-2022-38203

cve-icon Redhat

No data.