What is the severity of CVE-2022-1379?

CVE-2022-1379 is classified as a high severity vulnerability.

How do I fix CVE-2022-1379?

To fix CVE-2022-1379, you should upgrade PlantUML to version 1.2022.5 or later.

What type of attack is associated with CVE-2022-1379?

CVE-2022-1379 is associated with server-side request forgery (SSRF) attacks.

Which software versions are affected by CVE-2022-1379?

CVE-2022-1379 affects versions of PlantUML prior to 1.2022.5 and Fedora versions 35 and 36.

What vulnerabilities does CVE-2022-1379 allow an attacker to exploit?

CVE-2022-1379 allows an attacker to bypass URL restrictions and access internal resources.

Vulnerability/
CVE-2022-1379

critical

9.1

CWE

918

14/5/2022

3/8/2024

CVE-2022-1379: URL Restriction Bypass in plantuml/plantuml

First published: Sat May 14 2022(Updated: )

URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers.

Credit: security@huntr.dev

Affected Software	Affected Version	How to fix
PlantUML	<1.2022.5
Red Hat Fedora	=35
Red Hat Fedora	=36

Remedy

https://github.com/plantuml/plantuml/commit/93e5964e5f35914f3f7b89de620c596795550083

Remedy

https://huntr.dev/bounties/0d737527-86e1-41d1-9d37-b2de36bc063a

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-1379?
CVE-2022-1379 is classified as a high severity vulnerability.
How do I fix CVE-2022-1379?
To fix CVE-2022-1379, you should upgrade PlantUML to version 1.2022.5 or later.
What type of attack is associated with CVE-2022-1379?
CVE-2022-1379 is associated with server-side request forgery (SSRF) attacks.
Which software versions are affected by CVE-2022-1379?
CVE-2022-1379 affects versions of PlantUML prior to 1.2022.5 and Fedora versions 35 and 36.
What vulnerabilities does CVE-2022-1379 allow an attacker to exploit?
CVE-2022-1379 allows an attacker to bypass URL restrictions and access internal resources.

agent/type
agent/remedy
collector/mitre-cve
source/MITRE
agent/severity
agent/title
agent/weakness
agent/references
agent/last-modified-date
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/plantuml
canonical/plantuml
vendor/fedoraproject
canonical/red hat fedora
version/red hat fedora/35
version/red hat fedora/36

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.