// For flags

CVE-2022-29180

Charm vulnerable to server-side request forgery (SSRF)

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. This has been patched and is available in release [v0.12.1](https://github.com/charmbracelet/charm/releases/tag/v0.12.1). We recommend that all users running self-hosted `charm` instances update immediately. This vulnerability was found in-house and we haven't been notified of any potential exploiters. ### Additional notes * Encrypted user data uploaded to the Charm server is safe as Charm servers cannot decrypt user data. This includes filenames, paths, and all key-value data. * Users running the official Charm [Docker images](https://github.com/charmbracelet/charm/blob/main/docker.md) are at minimal risk because the exploit is limited to the containerized filesystem.

Una vulnerabilidad en la que los atacantes podían falsificar peticiones HTTP para manipular el directorio de datos "charm" para acceder o eliminar cualquier cosa en el servidor. Esto ha sido parcheado y está disponible en versión [v0.12.1](https://github.com/charmbracelet/charm/releases/tag/v0.12.1). Recomendamos a todos los usuarios que ejecuten instancias de "charm" autoalojadas que actualicen inmediatamente. Esta vulnerabilidad fue encontrada internamente y no hemos sido notificados de ningún potencial explotador. ### Notas adicionales ### Los datos de usuario encriptados que son subidos al servidor de Charm son seguros, ya que los servidores de Charm no pueden desencriptar los datos del usuario. Esto incluye nombres de archivos, rutas y todos los datos de valor clave. * Los usuarios que ejecutan las [imágenes Docker] oficiales de Charm (https://github.com/charmbracelet/charm/blob/main/docker.md) corren un riesgo mínimo porque la explotación es limitada al sistema de archivos en contenedores

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-04-13 CVE Reserved
  • 2022-05-07 CVE Published
  • 2023-11-27 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Charm
Search vendor "Charm"
 Charm
Search vendor "Charm" for product "Charm"
 >= 0.9.0 < 0.12.1
Search vendor "Charm" for product "Charm" and version " >= 0.9.0 < 0.12.1"
-
Affected