CVE-2022-37033

Severity CVSS v4.0:

Pending analysis

Type:

CWE-918 Server-Side Request Forgery (SSRF)

Publication date:

01/02/2023

Last modified:

27/03/2025

Description

In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no re-validation of the redirect URL, the TempFileAPI can be used to return data from those local/private hosts that should not be accessible remotely.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS v3.1 Severity and Metrics:

Base Score: 6.50 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None

Base Score 3.x

6.50

Severity 3.x

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:dotcms:dotcms:::::lts:::*		21.06.12 (excluding)
cpe:2.3:a:dotcms:dotcms:::::-:::*	5.2.0 (including)	22.08 (excluding)
cpe:2.3:a:dotcms:dotcms:::::lts:::*	22.03 (including)	22.03.4 (excluding)

To consult the complete list of CPE names with products and versions, see this page

CVE-2022-37033

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools