CVE-2022-24980 in Kitodo.Presentation

Summary

by MITRE • 02/19/2022

An issue was discovered in the Kitodo.Presentation (aka dif) extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to view the content of any file or webpage the webserver has access to.


Reservation: 02/13/2022

Disclosure: 02/19/2022

Moderation: accepted

CPE: ready

EPSS: 0.01182

KEV: no

Activities: very low
