Vulnerabilities > CVE-2021-22255 - Server-Side Request Forgery (SSRF) vulnerability in Baserow

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

baserow

CWE-918

NVD

Published: 2021-08-20

Updated: 2021-08-30

Summary

SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address.

Vulnerable Configurations

Part	Description	Count
Application	Baserow Baserow Baserow *	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://gitlab.com/bramw/baserow/-/issues/370
https://baserow.io/blog/march-2021-release-of-baserow
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22255.json