Home > Vulnerability Database > CVE-2022-39383

Mend.io Vulnerability Database

CVE-2022-39383

Good to know:

Date: November 15, 2022

KubeVela is an open source application delivery platform. Users using the VelaUX APIServer could be affected by this vulnerability. When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability. Users who're using v1.6, please update the v1.6.1. Users who're using v1.5, please update the v1.5.8. There are no known workarounds for this issue.

Language: Go

Severity Score

4.9

Related Resources (6)

Url: https://github.com/kubevela/kubevela/security/advisories/GHSA-m5xf-x7q6-3rm7

Url: https://github.com/kubevela/kubevela

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-39383

Url: https://pkg.go.dev/vuln/GO-2022-1113

Url: https://github.com/kubevela/kubevela/pull/5000

Url: https://www.mend.io/vulnerability-database/CVE-2022-39383

Severity Score

4.9

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version v1.5.9,v1.6.1

Learn More

CVSS v3.1

Base Score:	4.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-39383

Good to know:

Date: November 15, 2022

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?