CVE-2022-31196 (GCVE-0-2022-31196)
Vulnerability from cvelistv5 – Published: 2022-09-02 19:45 – Updated: 2025-04-22 17:24
Title
Server-Side Request Forgery (SSRF) vulnerability in Databasir
Summary
Databasir is a database metadata management platform. Databasir <= 1.06 has a Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non-`200` response code, the URL is requested by the server, the response is logged (both in the terminal and in the database) and is included in the HTTP response. This would allow an attacker to obtain the real IP address and scan intranet information. This issue was fixed in version 1.0.7.
Severity
7.6 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vran-dev/databasir/security/advisories/GHSA-qvg8-427f-852q"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vran-dev/databasir/releases/tag/v1.0.7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31196",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:44:40.488360Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T17:24:36.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "databasir",
"vendor": "vran-dev",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Databasir is a database metadata management platform. Databasir \u003c= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-02T19:45:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vran-dev/databasir/security/advisories/GHSA-qvg8-427f-852q"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vran-dev/databasir/releases/tag/v1.0.7"
}
],
"source": {
"advisory": "GHSA-qvg8-427f-852q",
"discovery": "UNKNOWN"
},
"title": "Server-Side Request Forgery (SSRF) vulnerability in Databasir",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31196",
"STATE": "PUBLIC",
"TITLE": "Server-Side Request Forgery (SSRF) vulnerability in Databasir"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "databasir",
"version": {
"version_data": [
{
"version_value": "\u003c 1.0.7"
}
]
}
}
]
},
"vendor_name": "vran-dev"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Databasir is a database metadata management platform. Databasir \u003c= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/vran-dev/databasir/security/advisories/GHSA-qvg8-427f-852q",
"refsource": "CONFIRM",
"url": "https://github.com/vran-dev/databasir/security/advisories/GHSA-qvg8-427f-852q"
},
{
"name": "https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058",
"refsource": "MISC",
"url": "https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058"
},
{
"name": "https://github.com/vran-dev/databasir/releases/tag/v1.0.7",
"refsource": "MISC",
"url": "https://github.com/vran-dev/databasir/releases/tag/v1.0.7"
}
]
},
"source": {
"advisory": "GHSA-qvg8-427f-852q",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31196",
"datePublished": "2022-09-02T19:45:13.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-22T17:24:36.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-31196",
"date": "2026-04-28",
"epss": "0.00306",
"percentile": "0.53837"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-31196\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-09-02T20:15:08.440\",\"lastModified\":\"2024-11-21T07:04:06.180\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Databasir is a database metadata management platform. Databasir \u003c= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7.\"},{\"lang\":\"es\",\"value\":\"Databasir es una plataforma de administraci\u00f3n de metadatos de bases de datos. Databasir versiones anteriores a 1.06 incluy\u00e9ndola, presenta una vulnerabilidad de tipo Server-Side Request Forgery (SSRF). La SSRF es desencadenada mediante el env\u00edo de una **sola** petici\u00f3n HTTP POST para crear una base de datosType. Al suministrar un \\\"jdbcDriverFileUrl\\\" que devuelve un c\u00f3digo de respuesta que no es \\\"200\\\", la url es ejecutada, la respuesta es registrada (tanto en el terminal como en la base de datos) y es incluido en la respuesta. Esto permitir\u00eda a un atacante obtener la direcci\u00f3n IP real y escanear la informaci\u00f3n de la Intranet. 
Este problema fue corregido en versi\u00f3n 1.0.7\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L\",\"baseScore\":7.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:databasir:databasir:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.7\",\"matchCriteriaId\":\"6CFB6810-D4F4-428F-B799-30955E9B3D0F\"}]}]}],\"references\":[{\"url\":\"https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/vran-dev/databasir/releases/tag/v1.0.7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party 
Advisory\"]},{\"url\":\"https://github.com/vran-dev/databasir/security/advisories/GHSA-qvg8-427f-852q\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/vran-dev/databasir/releases/tag/v1.0.7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/vran-dev/databasir/security/advisories/GHSA-qvg8-427f-852q\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
}
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.