Vulnerabilities > CVE-2022-23644 - Server-Side Request Forgery (SSRF) vulnerability in Joinbookwyrm Bookwyrm

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
joinbookwyrm
CWE-918
NVD
Published: 2022-02-16
Updated: 2022-02-25

Summary

BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The problem has been patched and administrators should upgrade to version 0.3.0 As a workaround, BookWyrm instances can close registration and limit members to trusted individuals.

Vulnerable Configurations

Part Description Count
Application
Joinbookwyrm
6

Common Weakness Enumeration (CWE)

References