CVE-2022-40305: Server-Side Request Forgery (SSRF)

September 9, 2022 (updated September 10, 2022)

A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the /cwc/login login form.

References

nvd.nist.gov/vuln/detail/CVE-2022-40305
www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-023.txt

Code Behaviors & Features

Detect and mitigate CVE-2022-40305 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →