Vulnerabilities > CVE-2021-22255 - Server-Side Request Forgery (SSRF) vulnerability in Baserow

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

baserow

CWE-918

NVD

Published: 2021-08-20

Updated: 2024-11-21

Summary

SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address.

Vulnerable Configurations

Part	Description	Count
Application	Baserow Baserow Baserow *	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://baserow.io/blog/march-2021-release-of-baserow
https://baserow.io/blog/march-2021-release-of-baserow
https://gitlab.com/bramw/baserow/-/issues/370
https://gitlab.com/bramw/baserow/-/issues/370
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22255.json
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22255.json