CVE-2022-31196 Information
Description
Databasir is a database metadata management platform. Databasir <= 1.06 has a Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by sending a single HTTP POST request to create a databaseType. When the supplied jdbcDriverFileUrl returns a non-200 response code, the URL is fetched and the response is logged (both in the terminal and in the database) and included in the HTTP response. This would allow an attacker to obtain the real IP address of the server and scan intranet information. This issue was fixed in version 1.0.7.
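The defensive pattern for this class of bug is to validate a user-supplied download URL before fetching it and to never echo the upstream response back to the caller. The following is an added example written for this page, not Databasir's own code or its fix; the function names, the allowed schemes, the resolver hook and the sample addresses are assumptions made for the illustration.

```python
"""Validate a user-supplied JDBC driver download URL before fetching it.

Added example (not Databasir's code). validate_driver_url, driver_fetch_error
and the resolver hook are hypothetical names chosen for this illustration.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only HTTP(S) driver downloads


def _default_resolver(host):
    # Resolve every A/AAAA record, so a name that points at an internal
    # address is rejected as well as a literal internal IP.
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def validate_driver_url(url, resolver=_default_resolver):
    """Return (True, "") if the URL may be fetched, else (False, reason).

    Rejects non-HTTP schemes, embedded credentials, and any literal or
    resolved address that is not globally routable (loopback, private,
    link-local, documentation, multicast ranges), so the server cannot be
    made to issue requests against itself or the internal network.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    try:
        addresses = {ipaddress.ip_address(parts.hostname)}
    except ValueError:  # not an IP literal: resolve the name
        try:
            addresses = {ipaddress.ip_address(a) for a in resolver(parts.hostname)}
        except (socket.gaierror, ValueError):
            return False, "host does not resolve"
    for addr in addresses:
        if not addr.is_global or addr.is_multicast:
            return False, f"address {addr} is not publicly routable"
    return True, ""


def driver_fetch_error(status_code):
    """Message returned to the caller on a failed download: the status code
    only, never the upstream response body, so nothing the remote host
    returned is logged or echoed back to the requester."""
    return f"driver download failed with HTTP status {status_code}"
```

The resolver parameter exists so the check can be unit-tested offline; in production the default resolver is used and the fetch itself should then connect to the validated addresses rather than re-resolving the name.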
Reference
https://github.com/vran-dev/databasir/releases/tag/v1.0.7
https://github.com/vran-dev/databasir/security/advisories/GHSA-qvg8-427f-852q
https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058