Home > Vulnerability Database > CVE-2022-41949

Mend.io Vulnerability Database

CVE-2022-41949

Good to know:

Date: December 8, 2022

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. In affected versions an authenticated DHIS2 user can craft a request to DHIS2 to instruct the server to make requests to external resources (like third party servers). This could allow an attacker, for example, to identify vulnerable services which might not be otherwise exposed to the public internet or to determine whether a specific file is present on the DHIS2 server. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. At this time, there is no known workaround or mitigation for this vulnerability.

Language: Java

Severity Score

5.0

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-41949

Url: https://github.com/dhis2/dhis2-core/commit/dc3166c216da53e12a16bfdc51055823b838c1c3

Url: https://github.com/dhis2/dhis2-core/security/advisories/GHSA-6qh9-rxc8-7943

Url: https://www.mend.io/vulnerability-database/CVE-2022-41949

Severity Score

5.0

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version 2.36.12.1,2.37.8.1,2.38.2.1,2.39.0.1

Learn More

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-41949

Good to know:

Date: December 8, 2022

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?