CVE ID Request - bramw/baserow
Vulnerability Submission
NOTE: Only maintainers of GitLab-hosted projects may request a CVE for a vulnerability within their project.
Project issue: bramw/baserow#370
Publishing Schedule
After a CVE request is validated, a CVE identifier will be assigned. On what schedule should the details of the CVE be published?
- Publish immediately
- Wait to publish
---
reporter:
  name: "Bram Wiepjes"
  email: "bram@baserow.io"
vulnerability:
  description: "SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated
    users to retrieve files from the internal server network exposed over HTTP by
    inserting an internal address."
  cwe: "CWE-918"
  product:
    gitlab_path: "bramw/baserow"
    vendor: "Baserow B.V."
    name: "Baserow"
    affected_versions:
      - ">0.6.0, <1.1.0"
    fixed_versions:
      - "1.1.0"
  impact: "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
  solution: Upgrade to version 1.1.0 or above.
  credit: "Thanks [CaptainFreak](https://github.com/CaptainFreak) for reporting this
    vulnerability and for advising how to fix it."
  references:
    - "https://gitlab.com/bramw/baserow/-/issues/370"
    - "https://baserow.io/blog/march-2021-release-of-baserow"
CVSS scores can be computed by means of the NVD CVSS Calculator.
Edited by 🤖 GitLab Bot 🤖