Server-Side Request Forgery Vulnerability Exposes Backend Server to Unauthorized Endpoint Interactions

Server-Side Request Forgery Vulnerability Exposes Backend Server to Unauthorized Endpoint Interactions

CVE-2022-40296 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.

Learn more about our Cis Benchmark Audit For Server Software.