← Back

CVE-2022-28109

nvd nist
Published: Apr 15, 2022Modified: Jun 17, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine.

Affected (8)

Selenium
1 product
Selenium Grid
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Selenium
Selenium Grid
Before 4.0.0
Selenium Grid
Version 4.0.0
Selenium Grid
Version 4.0.0 alpha1
Selenium Grid
Version 4.0.0 alpha2
Selenium Grid
Version 4.0.0 alpha3
Selenium Grid
Version 4.0.0 alpha4
Selenium Grid
Version 4.0.0 alpha5
Selenium Grid
Version 4.0.0 alpha6

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
ExploitMitigationThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMitigationThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory

Timeline

No history available yet.