Vulnerabilities > CVE-2022-1592 - Server-Side Request Forgery (SSRF) vulnerability in Clinical-Genomics Scout

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

clinical-genomics

CWE-918

NVD

Published: 2022-05-05

Updated: 2022-05-12

Summary

Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...

Vulnerable Configurations

Part	Description	Count
Application	Clinical-Genomics Clinical Genomics Scout *	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://huntr.dev/bounties/352b39da-0f2e-415a-9793-5480cae8bd27
https://github.com/clinical-genomics/scout/commit/b0ef15f4737d0c801154c1991b52ff5cab4f5c83