Vulnerability Details CVE-2022-22702
PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.0%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
Products affected by CVE-2022-22702
-
cpe:2.3:a:partkeepr:partkeepr:0.1
-
cpe:2.3:a:partkeepr:partkeepr:0.1.1
-
cpe:2.3:a:partkeepr:partkeepr:0.1.2
-
cpe:2.3:a:partkeepr:partkeepr:0.1.3
-
cpe:2.3:a:partkeepr:partkeepr:0.1.4
-
cpe:2.3:a:partkeepr:partkeepr:0.1.5
-
cpe:2.3:a:partkeepr:partkeepr:0.1.6
-
cpe:2.3:a:partkeepr:partkeepr:0.1.6.1
-
cpe:2.3:a:partkeepr:partkeepr:0.1.7
-
cpe:2.3:a:partkeepr:partkeepr:0.1.8
-
cpe:2.3:a:partkeepr:partkeepr:0.1.9
-
cpe:2.3:a:partkeepr:partkeepr:0.11
-
cpe:2.3:a:partkeepr:partkeepr:0.11a
-
cpe:2.3:a:partkeepr:partkeepr:0.16
-
cpe:2.3:a:partkeepr:partkeepr:0.75
-
cpe:2.3:a:partkeepr:partkeepr:0.76
-
cpe:2.3:a:partkeepr:partkeepr:0.77
-
cpe:2.3:a:partkeepr:partkeepr:0.78
-
cpe:2.3:a:partkeepr:partkeepr:0.79
-
cpe:2.3:a:partkeepr:partkeepr:0.80
-
cpe:2.3:a:partkeepr:partkeepr:0.81
-
cpe:2.3:a:partkeepr:partkeepr:0.82
-
cpe:2.3:a:partkeepr:partkeepr:1.0.0
-
cpe:2.3:a:partkeepr:partkeepr:1.1.0
-
cpe:2.3:a:partkeepr:partkeepr:1.2.0
-
cpe:2.3:a:partkeepr:partkeepr:1.3.0
-
cpe:2.3:a:partkeepr:partkeepr:1.4.0