Vulnerabilities > CVE-2022-1592 - Server-Side Request Forgery (SSRF) vulnerability in Clinical-Genomics Scout

CVSS 8.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

NONE

network

low complexity

clinical-genomics

CWE-918

NVD

Published: 2022-05-05

Updated: 2022-05-12

Summary

Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...

Vulnerable Configurations

Part	Description	Count
Application	Clinical-Genomics Clinical Genomics Scout - Clinical Genomics Scout 0.2 Clinical Genomics Scout 0.2.0 Clinical Genomics Scout 1.0.0 Clinical Genomics Scout 1.0.2 Clinical Genomics Scout 1.1.0 Clinical Genomics Scout 1.2.0 Clinical Genomics Scout 1.2.1 Clinical Genomics Scout 1.2.2 Clinical Genomics Scout 1.3.0 Clinical Genomics Scout 1.4.0 Clinical Genomics Scout 1.5.0 Clinical Genomics Scout 2.0.0 Clinical Genomics Scout 2.1.0 Clinical Genomics Scout 3.0.0 Clinical Genomics Scout 3.1.0 Clinical Genomics Scout 3.2.0 Clinical Genomics Scout 3.3.0 Clinical Genomics Scout 3.4.0 Clinical Genomics Scout 3.4.1 Clinical Genomics Scout 3.5.0 Clinical Genomics Scout 3.5.1 Clinical Genomics Scout 3.5.2 Clinical Genomics Scout 4.0.0 Clinical Genomics Scout 4.1.0 Clinical Genomics Scout 4.1.1 Clinical Genomics Scout 4.1.2 Clinical Genomics Scout 4.1.3 Clinical Genomics Scout 4.1.4 Clinical Genomics Scout 4.2.0 Clinical Genomics Scout 4.2.1 Clinical Genomics Scout 4.2.2 Clinical Genomics Scout 4.3 Clinical Genomics Scout 4.3.1 Clinical Genomics Scout 4.3.2 Clinical Genomics Scout 4.3.3 Clinical Genomics Scout 4.4.0 Clinical Genomics Scout 4.4.1 Clinical Genomics Scout 4.5.0 Clinical Genomics Scout 4.5.1 Clinical Genomics Scout 4.6.0 Clinical Genomics Scout 4.6.1 Clinical Genomics Scout 4.7.0 Clinical Genomics Scout 4.7.1 Clinical Genomics Scout 4.7.2 Clinical Genomics Scout 4.7.3 Clinical Genomics Scout 4.8.0 Clinical Genomics Scout 4.8.1 Clinical Genomics Scout 4.8.2 Clinical Genomics Scout 4.8.3 Clinical Genomics Scout 4.9.0 Clinical Genomics Scout 4.10.0 Clinical Genomics Scout 4.10.1 Clinical Genomics Scout 4.11 Clinical Genomics Scout 4.11.1 Clinical Genomics Scout 4.12 Clinical Genomics Scout 4.12.1 Clinical Genomics Scout 4.12.2 Clinical Genomics Scout 4.12.3 Clinical Genomics Scout 4.12.4 Clinical Genomics Scout 4.13 Clinical Genomics Scout 4.13.1 Clinical Genomics Scout 4.14 Clinical Genomics Scout 4.14.1 Clinical Genomics Scout 4.15 Clinical Genomics Scout 4.15.1 Clinical Genomics Scout 4.16 Clinical Genomics Scout 4.16.1 Clinical Genomics Scout 4.17 Clinical Genomics Scout 4.17.1 Clinical Genomics Scout 4.18 Clinical Genomics Scout 4.19 Clinical Genomics Scout 4.20 Clinical Genomics Scout 4.21 Clinical Genomics Scout 4.21.1 Clinical Genomics Scout 4.21.2 Clinical Genomics Scout 4.22 Clinical Genomics Scout 4.23 Clinical Genomics Scout 4.24 Clinical Genomics Scout 4.24.1 Clinical Genomics Scout 4.25 Clinical Genomics Scout 4.26 Clinical Genomics Scout 4.26.1 Clinical Genomics Scout 4.27 Clinical Genomics Scout 4.28 Clinical Genomics Scout 4.29 Clinical Genomics Scout 4.29.1 Clinical Genomics Scout 4.30 Clinical Genomics Scout 4.30.1 Clinical Genomics Scout 4.30.2 Clinical Genomics Scout 4.31 Clinical Genomics Scout 4.31.1 Clinical Genomics Scout 4.32 Clinical Genomics Scout 4.32.1 Clinical Genomics Scout 4.33 Clinical Genomics Scout 4.33.1 Clinical Genomics Scout 4.34 Clinical Genomics Scout 4.35 Clinical Genomics Scout 4.36 Clinical Genomics Scout 4.37 Clinical Genomics Scout 4.38 Clinical Genomics Scout 4.39 Clinical Genomics Scout 4.40 Clinical Genomics Scout 4.40.1 Clinical Genomics Scout 4.41 Clinical Genomics Scout 4.41.1	109

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References