cbcvebase.
CVE-2022-1713
published 2022-05-16


Priority: P3 (57)
CVSS 3.1: 7.5 High, vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit: flagged
EPSS: 8.67% (94.5th percentile)
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.

Affected (2 ranges)

Vendor     Product         Version range                 Fixed in
diagrams   drawio          < 18.0.4                      18.0.4
jgraph     jgraph_drawio   >= unspecified, < 18.0.4      18.0.4

Detection & IOCs (extracted from sources)

URL: /proxy
  • Detect SSRF exploitation attempts targeting the /proxy endpoint in draw.io (jgraph/drawio). Monitor HTTP requests to this path for unexpected internal or metadata-service destinations.
  • Nuclei template detection checks for 'application/octet-stream' in the response header when probing the /proxy endpoint, indicating a successful SSRF probe response from a vulnerable draw.io instance.
  • Fingerprint vulnerable draw.io instances by identifying the application ('Drawio Flowchart Maker & Online Diagram Software') and confirming that the version is prior to 18.0.4.
  • The vulnerability affects jgraph/drawio versions prior to 18.0.4 only. Instances running 18.0.4 or later are not affected.

CVSS provenance

Source   Version   Score   Severity   Vector
nvd      v3.1      7.5     HIGH       CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd      v3.0      7.5     HIGH       CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd      v2.0      5.0     MEDIUM     AV:N/AC:L/Au:N/C:P/I:N/A:N