CVE-2022-1713
Published: 2022-05-16
Priority: P3 57 · Severity: high · CVSS 3.1 base score: 7.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Exploit
EPSS: 8.67% (94.5th percentile)
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| diagrams | drawio | < 18.0.4 | 18.0.4 |
| jgraph | jgraph_drawio | >= unspecified < 18.0.4 | 18.0.4 |
Detection & IOCs (extracted from sources)
- Detect SSRF exploitation attempts targeting the /proxy endpoint in draw.io (jgraph/drawio). Monitor HTTP requests to this path for unexpected internal/metadata service destinations.
- Nuclei template detection checks for 'application/octet-stream' in the response header when probing the /proxy endpoint, indicating a successful SSRF probe response from a vulnerable draw.io instance.
- Fingerprint vulnerable draw.io instances by identifying the application ('Drawio Flowchart Maker & Online Diagram Software') and confirming the version is prior to 18.0.4.
- The vulnerability affects jgraph/drawio versions prior to 18.0.4 only; instances running 18.0.4 or later are not affected.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
No detection rules found.
Nuclei
CVE-2022-1713 [HIGH] Drawio <18.0.4 - Server-Side Request Forgery (nuclei · CVSS 7.5)
Template (excerpt; only the final matchers are indexed):

```yaml
          - "Drawio Flowchart Maker & Online Diagram Software"
      - type: word
        part: header
        words:
          - "application/octet-stream"
# digest: 4a0a00473045022100a3549685963e029a66af7eb8767956423dbff30d2063f141ff93d4c1093b1aaa022040524d6e57da9b2eede952937a05302dfc471c7c08134f9cc024f2a37aa3405b:922c64590222798bb761d5b6d8e72950
```
Nuclei
CVE-2022-30777 [MEDIUM] Parallels H-Sphere 3.6.1713 - Cross-Site Scripting (nuclei · CVSS 6.1)
Parallels H-Sphere 3.6.1713 contains a cross-site scripting vulnerability via the index_en.php 'from' parameter.
Template (excerpt):

```yaml
id: CVE-2022-30777

info:
  name: Parallels H-Sphere 3.6.1713 - Cross-Site Scripting
  author: 3th1c_yuk1
  severity: medium
  description: |
    Parallels H-Sphere 3.6.1713 contains a cross-site scripting vulnerability via the index_en.php 'from' parameter.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Apply the latest security patch or upgrade to a newer version of Parallels H-Sphere to mitigate the XSS vulnerability.
  reference:
    - https://medium
```
No writeups or analysis indexed.