CVE-2022-23206
N/A
N/A
Summary
In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Traffic Control | Traffic Ops < 6.1.0 | affected |
Weaknesses
- CWE-918: CWE-918 Server-Side Request Forgery (SSRF)
Workarounds
6.0.x user should upgrade to 6.1.0. 5.1.x users should upgrade to 5.1.6 or 6.1.0.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.