CVE-2022-2339

Published: Jul 7, 2022Modified: Aug 26, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information.

Affected (1)

Products: Nocodb: Nocodb

Nocodb

1 product

Nocodb

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nocodb Nocodb	Before 0.92.0

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

https://github.com/nocodb/nocodb/commit/000ecd886738b965b5997cd905825e3244f48b95

Source: security@huntr.dev

PatchThird Party Advisory

https://huntr.dev/bounties/fff06de8-2a82-49b1-8e81-968731e87eef

Source: security@huntr.dev

ExploitPatchThird Party Advisory

https://github.com/nocodb/nocodb/commit/000ecd886738b965b5997cd905825e3244f48b95

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://huntr.dev/bounties/fff06de8-2a82-49b1-8e81-968731e87eef

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.