Executive Summary

Informations
Name CVE-2023-22493 First vendor Publication 2023-01-13
Vendor Cve Last vendor Modification 2023-03-07

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Overall CVSS Score 7.5
Base Score 7.5 Environmental Score 7.5
impact SubScore 3.6 Temporal Score 7.5
Exploitabality Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact None Availability Impact None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. An attacker could also use this vulnerability to send requests to internal or any other servers or resources on the network, potentially gain access to sensitive information that would not normally be accessible and amplifying the impact of the attack. The patch for this issue can be found in commit a66cbcf.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22493

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Sources (Detail)

Source Url
MISC https://github.com/DIYgod/RSSHub/commit/a66cbcf6eebc700bf97ab097f404f16ab415506a
https://github.com/DIYgod/RSSHub/pull/11588
https://github.com/DIYgod/RSSHub/security/advisories/GHSA-64wp-jh9p-5cg2

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2023-03-08 00:27:29
  • Multiple Updates
2023-01-23 21:27:16
  • Multiple Updates
2023-01-13 21:27:14
  • First insertion