CVE-2022-39383: SSRF vulnerability in KubeVela VelaUX APIServer
First published: Wed Nov 16 2022(Updated: )
### Impact Users using the VelaUX APIServer could be affected by this vulnerability. When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability. This issue is patched in 1.5.9 and 1.6.2. ### References Fix by: #5000 ### For more information If you have any questions or comments about this advisory: * Open an issue in [KubeVela repo](https://github.com/kubevela/kubevela) * Email us at [here](https://github.com/kubevela/kubevela#contact-us)
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linuxfoundation Kubevela | <1.5.9 | |
| Linuxfoundation Kubevela | >=1.6.0<1.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/github-advisory-latest
- alias/GHSA-m5xf-x7q6-3rm7
- alias/CVE-2022-39383
- collector/github-advisory
- collector/nvd-index
- collector/nvd-cve
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/title
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- agent/trending
- package-manager/go
- vendor/linuxfoundation
- canonical/linuxfoundation kubevela
- version/linuxfoundation kubevela/1.6.0