Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- CVE-2022-38580
- Description: Zalando Skipper is vulnerable to Universal SSRF [Server-Side Request Forgery]
- Vulnerable version(s): <= v0.13.236
- GitHub: https://github.com/zalando/skipper
- Patch: https://github.com/zalando/skipper/releases/tag/v0.13.237
- Vulnerable Code: https://github.com/zalando/skipper/pull/2058/commits/36bd409ea926de60f3822b6ea5c07bcfd4d8d9cb
- Discoverer: Milad Fadavvi, Hossein Vita
- CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
- Impact Escalation of Privileges: True
- Impact Information Disclosure: True
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement