Vulnerability Description
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openrefine | Openrefine | <= 3.5.2 |
Related Weaknesses (CWE)
References
- https://github.com/OpenRefine/OpenRefine/blob/30d6edb7b6586623bda09456c797c35983Third Party Advisory
- https://github.com/OpenRefine/OpenRefine/blob/cb55cdfdf6f9ca916839778dc847cce803Third Party Advisory
- https://github.com/ixSly/CVE-2022-41401Exploit
- https://github.com/OpenRefine/OpenRefine/blob/30d6edb7b6586623bda09456c797c35983Third Party Advisory
- https://github.com/OpenRefine/OpenRefine/blob/cb55cdfdf6f9ca916839778dc847cce803Third Party Advisory
- https://github.com/ixSly/CVE-2022-41401Exploit
FAQ
What is CVE-2022-41401?
CVE-2022-41401 is a vulnerability with a CVSS score of 6.5 (MEDIUM). OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resourc...
How severe is CVE-2022-41401?
CVE-2022-41401 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-41401?
Check the references section above for vendor advisories and patch information. Affected products include: Openrefine Openrefine.