Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1033251: wordpress: CVE-2022-3590
63 views
Skip to first unread message
Moritz Mühlenhoff
Mar 20, 2023, 3:10:04 PM3/20/23
to
Source: wordpress
X-Debbugs-CC: te...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for wordpress.
CVE-2022-3590[0]:
| WordPress is affected by an unauthenticated blind SSRF in the pingback
| feature. Because of a TOCTOU race condition between the validation
| checks and the HTTP request, attackers can reach internal hosts that
| are explicitly forbidden.
Only reference here is
https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-3590
https://www.cve.org/CVERecord?id=CVE-2022-3590
Please adjust the affected versions in the BTS as needed.
X-Debbugs-CC: te...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for wordpress.
CVE-2022-3590[0]:
| WordPress is affected by an unauthenticated blind SSRF in the pingback
| feature. Because of a TOCTOU race condition between the validation
| checks and the HTTP request, attackers can reach internal hosts that
| are explicitly forbidden.
Only reference here is
https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-3590
https://www.cve.org/CVERecord?id=CVE-2022-3590
Please adjust the affected versions in the BTS as needed.
0 new messages