CVE-2022-2339 – Server-Side Request Forgery (SSRF) in nocodb/nocodb
https://notcve.org/view.php?id=CVE-2022-2339
With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information. Con esta vulnerabilidad de tipo SSRF, un atacante puede llegar a direcciones internas para hacer una petición como el servidor y leer su contenido. Este ataque puede conllevar a una filtrado de información confidencial • https://github.com/nocodb/nocodb/commit/000ecd886738b965b5997cd905825e3244f48b95 https://huntr.dev/bounties/fff06de8-2a82-49b1-8e81-968731e87eef • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-2079 – Cross-site Scripting (XSS) - Stored in nocodb/nocodb
https://notcve.org/view.php?id=CVE-2022-2079
Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio GitHub nocodb/nocodb versiones anteriores a 0.91.7+ • https://github.com/nocodb/nocodb/commit/362f8f0869989bc13bdcd66c6fc9c86ac79b9992 https://huntr.dev/bounties/2615adf2-ff40-4623-97fb-2e4a3800202a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-2064 – Insufficient Session Expiration in nocodb/nocodb
https://notcve.org/view.php?id=CVE-2022-2064
Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+. Una Expiración de Sesión Insuficiente en el repositorio de GitHub nocodb/nocodb versiones anteriores a 0.91.7+ • https://github.com/nocodb/nocodb/commit/c9b5111b25aea2781e19395a8e9107ddbd235a2b https://huntr.dev/bounties/39523d51-fc5c-48b8-a082-171da79761bb • CWE-613: Insufficient Session Expiration •
CVE-2022-2063 – Improper Privilege Management in nocodb/nocodb
https://notcve.org/view.php?id=CVE-2022-2063
Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+. Una Administración inapropiada de Privilegios en el repositorio de GitHub nocodb/nocodb versiones anteriores a 0.91.7+ • https://github.com/nocodb/nocodb/commit/269a19c2ad89a0e8a7596498e3806ff2ec1040c2 https://huntr.dev/bounties/156f405b-21d6-4384-9bff-17ebfe484e20 • CWE-269: Improper Privilege Management •
CVE-2022-2062 – Generation of Error Message Containing Sensitive Information in nocodb/nocodb
https://notcve.org/view.php?id=CVE-2022-2062
Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+. Una Exposición de Información Confidencial a un Actor no Autorizado en el repositorio de GitHub nocodb/nocodb versiones anteriores a 0.91.7+ • https://github.com/nocodb/nocodb/commit/a18f5dd53811b9ec1c1bb2fdbfb328c0c87d7fb4 https://huntr.dev/bounties/35593b4c-f127-4699-8ad3-f0b2203a8ef6 • CWE-209: Generation of Error Message Containing Sensitive Information •