CVE-2022-2062 – nocodb

Package

Manager: npm
Name: nocodb
Vulnerable Version: >=0 <0.91.7

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01149 pctl0.77674

Details

NocoDB information disclosure vulnerability In NocoDB prior to 0.91.7, the SMTP plugin doesn't have verification or validation. This allows attackers to make requests to internal servers and read the contents.

Metadata

Created: 2022-06-14T00:00:37Z
Modified: 2023-06-30T20:40:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-mx8q-jqwm-85mv/GHSA-mx8q-jqwm-85mv.json
CWE IDs: ["CWE-200", "CWE-209", "CWE-918"]
Alternative ID: GHSA-mx8q-jqwm-85mv
Finding: F037
Auto approve: 1