CVE-2022-39383 - Server-Side Request Forgery (SSRF) vulnerability in Linuxfoundation Kubevela

CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE

network, low complexity, linuxfoundation, CWE-918

Summary

KubeVela is an open source application delivery platform. Users of the VelaUX APIServer could be affected by this vulnerability. When a Helm Chart is used as the component delivery method, the request address of the repository is not restricted, which results in a blind SSRF vulnerability. Users on v1.6 should update to v1.6.1. Users on v1.5 should update to v1.5.8. There are no known workarounds for this issue.

Vulnerable Configurations

Part          Description       Count
Application   Linuxfoundation   136

Common Weakness Enumeration (CWE)