Server-Side Request Forgery Vulnerability Exposes Backend Server to Unauthorized Endpoint Interactions
CVE-2022-40296 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.
Learn more about our Cis Benchmark Audit For Server Software.