Description

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds.

Related CPE's

a

nepxion

discovery

*

*

*

*

*

spring_cloud

Vulnerable

References

https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-918

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-09-24T05:15:08.837

2 years ago

Last modified

2022-09-28T15:39:55.150

2 years ago