CVE-2022-35583

wkhtmltopdf 0.12.6 - Server Side Request Forgery

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

wkhtmlTOpdf 0.12.6 is vulnerable to SSRF, which allows an attacker to gain initial access to the target's system by injecting an iframe tag with the initial asset's IP address in its source. This allows the attacker to take over the whole infrastructure by accessing its internal assets.

wkhtmlTOpdf version 0.12.6 is vulnerable to an SSRF attack that allows an attacker to gain initial access to the target's system by injecting an iframe tag with the initial asset's IP address in its source. This allows the attacker to take control of the whole infrastructure by accessing its internal assets.

wkhtmltopdf version 0.12.6 suffers from a server-side request forgery vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision: -
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-07-11 CVE Reserved
  • 2022-08-22 CVE Published
  • 2023-03-23 First Exploit
  • 2024-08-03 CVE Updated
  • 2024-11-13 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
Affected Vendors, Products, and Versions
Vendor       | Product      | Version | Other | Status
Wkhtmltopdf  | Wkhtmltopdf  | 0.12.6  | -     | Affected