CVE-2022-3708

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-3708
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3708.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-3708
Published
2022-10-28T19:15:10Z
Modified
2025-01-15T02:34:13.305614Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
[none]
Details

The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in versions up to and including 1.24.0, due to insufficient validation of URLs supplied via the 'url' parameter of the /v1/hotlink/proxy REST API endpoint. This makes it possible for authenticated users to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services.
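
A defender-side check for the request pattern described above, added here as an example and not taken from the plugin or from this record: it scans web-server access logs for calls to the /v1/hotlink/proxy endpoint whose 'url' parameter names a loopback, private or otherwise non-public destination. The log lines are constructed, and the `/wp-json/web-stories/` prefix and `rest_route` form used in them are assumptions about how the route is exposed on a given site.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/v1/hotlink/proxy"  # endpoint named in the advisory
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_HOST = re.compile(r"(0x[0-9a-f]+|\d+)(\.(0x[0-9a-f]+|\d+)){0,3}", re.I)

# Constructed access-log lines (combined format); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Nov/2022:10:00:01 +0000] "GET /wp-json/web-stories/v1/hotlink/proxy?url=https%3A%2F%2Fcdn.example.com%2Fa.png HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Nov/2022:10:00:05 +0000] "GET /wp-json/web-stories/v1/hotlink/proxy?url=http%3A%2F%2F127.0.0.1%3A8080%2Fstatus HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Nov/2022:10:00:09 +0000] "GET /?rest_route=/web-stories/v1/hotlink/proxy&url=http%3A%2F%2F10.0.0.5%2F HTTP/1.1" 200 88',
    '203.0.113.9 - - [01/Nov/2022:10:00:12 +0000] "GET /wp-json/web-stories/v1/hotlink/proxy?url=http%3A%2F%2F%5B%3A%3A1%5D%2F HTTP/1.1" 500 0',
]

def classify(target):
    """Return a reason string if the proxied URL looks internal, else None."""
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "unparseable URL"
    if parts.scheme not in ("http", "https") or not host:
        return "not an http(s) URL with a host"
    try:
        return None if ipaddress.ip_address(host).is_global else "non-public IP literal"
    except ValueError:
        pass  # not an IP literal; fall through to name checks
    if NUMERIC_HOST.fullmatch(host):
        return "non-canonical numeric host"
    if host == "localhost" or host.endswith((".localhost", ".local", ".internal")):
        return "internal hostname"  # suffix list is an assumed site convention
    return None

def find_suspicious(lines):
    """Return (client, proxied_url, reason) for flagged hotlink proxy requests."""
    hits = []
    for line in lines:
        if not (m := REQUEST.match(line)):
            continue
        parts = urlsplit(m.group(2))
        query = parse_qs(parts.query)
        route = parts.path + "".join(query.get("rest_route", []))
        if ENDPOINT not in route:
            continue
        for target in query.get("url", []):
            if (reason := classify(target)):
                hits.append((m.group(1), target, reason))
    return hits
```

A hostname that resolves to an internal address through DNS cannot be judged from the log alone, and parameters sent in a request body are not logged, so treat the result as a triage filter rather than a complete check.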

References

Affected packages

Git / github.com/googleforcreators/web-stories-wp

Affected ranges

Type
GIT
Repo
https://github.com/googleforcreators/web-stories-wp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

animation-v0.*

animation-v0.1.202202071716
animation-v0.1.202203010801
animation-v0.1.202203150806
animation-v0.1.202203241635
animation-v0.1.202204141511
animation-v0.1.202205021257
animation-v0.1.202206201534
animation-v0.1.202206271222
animation-v0.1.202207041221
animation-v0.1.202208081316
animation-v0.1.202208151234
animation-v0.1.202208291229

dashboard-v0.*

dashboard-v0.1.202202071716
dashboard-v0.1.202203010801
dashboard-v0.1.202203150806
dashboard-v0.1.202203241635
dashboard-v0.1.202204141511
dashboard-v0.1.202205021257
dashboard-v0.1.202206201534
dashboard-v0.1.202206271222
dashboard-v0.1.202207041221
dashboard-v0.1.202208081316
dashboard-v0.1.202208151234
dashboard-v0.1.202208291229

date-v0.*

date-v0.1.202202071716
date-v0.1.202203010801
date-v0.1.202203150806
date-v0.1.202203241635
date-v0.1.202204141511
date-v0.1.202205021257
date-v0.1.202206201534
date-v0.1.202206271222
date-v0.1.202207041221
date-v0.1.202208081316
date-v0.1.202208151234
date-v0.1.202208291229

design-system-v0.*

design-system-v0.1.202202071716
design-system-v0.1.202203010801
design-system-v0.1.202203150806
design-system-v0.1.202203241635
design-system-v0.1.202204141511
design-system-v0.1.202205021257
design-system-v0.1.202206201534
design-system-v0.1.202206271222
design-system-v0.1.202207041221
design-system-v0.1.202208081316
design-system-v0.1.202208151234
design-system-v0.1.202208291229

dom-v0.*

dom-v0.1.202203010801
dom-v0.1.202203150806
dom-v0.1.202203241635
dom-v0.1.202204141511
dom-v0.1.202205021257
dom-v0.1.202206201534
dom-v0.1.202206271222
dom-v0.1.202207041221
dom-v0.1.202208081316
dom-v0.1.202208151234
dom-v0.1.202208291229

element-library-v0.*

element-library-v0.1.202203241635
element-library-v0.1.202204141511
element-library-v0.1.202205021257
element-library-v0.1.202206201534
element-library-v0.1.202206271222
element-library-v0.1.202207041221
element-library-v0.1.202208081316
element-library-v0.1.202208151234
element-library-v0.1.202208291229

elements-v0.*

elements-v0.1.202203241635
elements-v0.1.202204141511
elements-v0.1.202205021257
elements-v0.1.202206201534
elements-v0.1.202206271222
elements-v0.1.202207041221
elements-v0.1.202208081316
elements-v0.1.202208151234
elements-v0.1.202208291229

fonts-v0.*

fonts-v0.1.202202071716
fonts-v0.1.202203010801
fonts-v0.1.202203150806
fonts-v0.1.202203241635
fonts-v0.1.202204141511
fonts-v0.1.202205021257
fonts-v0.1.202206201534
fonts-v0.1.202206271222
fonts-v0.1.202207041221
fonts-v0.1.202208081316
fonts-v0.1.202208151234
fonts-v0.1.202208291229

i18n-v0.*

i18n-v0.1.202202071716
i18n-v0.1.202203010801
i18n-v0.1.202203150806
i18n-v0.1.202203241635
i18n-v0.1.202204141511
i18n-v0.1.202205021257
i18n-v0.1.202206201534
i18n-v0.1.202206271222
i18n-v0.1.202207041221
i18n-v0.1.202208081316
i18n-v0.1.202208151234
i18n-v0.1.202208291229

masks-v0.*

masks-v0.1.202203241635
masks-v0.1.202204141511
masks-v0.1.202205021257
masks-v0.1.202206201534
masks-v0.1.202206271222
masks-v0.1.202207041221
masks-v0.1.202208081316
masks-v0.1.202208151234
masks-v0.1.202208291229

media-v0.*

media-v0.1.202202071716
media-v0.1.202203010801
media-v0.1.202203150806
media-v0.1.202203241635
media-v0.1.202204141511
media-v0.1.202205021257
media-v0.1.202206201534
media-v0.1.202206271222
media-v0.1.202207041221
media-v0.1.202208081316
media-v0.1.202208151234
media-v0.1.202208291229

migration-v0.*

migration-v0.1.202202071716
migration-v0.1.202203010801
migration-v0.1.202203150806
migration-v0.1.202203241635
migration-v0.1.202204141511
migration-v0.1.202205021257
migration-v0.1.202206201534
migration-v0.1.202206271222
migration-v0.1.202207041221
migration-v0.1.202208081316
migration-v0.1.202208151234
migration-v0.1.202208291229

moveable-v0.*

moveable-v0.1.202202071716
moveable-v0.1.202203010801
moveable-v0.1.202203150806
moveable-v0.1.202203241635
moveable-v0.1.202204141511
moveable-v0.1.202205021257
moveable-v0.1.202206201534
moveable-v0.1.202206271222
moveable-v0.1.202207041221
moveable-v0.1.202208081316
moveable-v0.1.202208151234
moveable-v0.1.202208291229

output-v0.*

output-v0.1.202203241635
output-v0.1.202204141511
output-v0.1.202205021257
output-v0.1.202206201534
output-v0.1.202206271222
output-v0.1.202207041221
output-v0.1.202208081316
output-v0.1.202208151234
output-v0.1.202208291229

patterns-v0.*

patterns-v0.1.202202071716
patterns-v0.1.202203010801
patterns-v0.1.202203150806
patterns-v0.1.202203241635
patterns-v0.1.202204141511
patterns-v0.1.202205021257
patterns-v0.1.202206201534
patterns-v0.1.202206271222
patterns-v0.1.202207041221
patterns-v0.1.202208081316
patterns-v0.1.202208151234
patterns-v0.1.202208291229

react-v0.*

react-v0.1.202202071716
react-v0.1.202203010801
react-v0.1.202203150806
react-v0.1.202203241635
react-v0.1.202204141511
react-v0.1.202205021257
react-v0.1.202206201534
react-v0.1.202206271222
react-v0.1.202207041221
react-v0.1.202208081316
react-v0.1.202208151234
react-v0.1.202208291229

rich-text-v0.*

rich-text-v0.1.202203010801
rich-text-v0.1.202203150806
rich-text-v0.1.202203241635
rich-text-v0.1.202204141511
rich-text-v0.1.202205021257
rich-text-v0.1.202206201534
rich-text-v0.1.202206271222
rich-text-v0.1.202207041221
rich-text-v0.1.202208081316
rich-text-v0.1.202208151234
rich-text-v0.1.202208291229

stickers-v0.*

stickers-v0.1.202202071716
stickers-v0.1.202203010801
stickers-v0.1.202203150806
stickers-v0.1.202203241635
stickers-v0.1.202204141511
stickers-v0.1.202205021257
stickers-v0.1.202206201534
stickers-v0.1.202206271222
stickers-v0.1.202207041221
stickers-v0.1.202208081316
stickers-v0.1.202208151234
stickers-v0.1.202208291229

story-editor-v0.*

story-editor-v0.1.202202071716
story-editor-v0.1.202203010801
story-editor-v0.1.202203150806
story-editor-v0.1.202203241635
story-editor-v0.1.202204141511
story-editor-v0.1.202205021257
story-editor-v0.1.202206201534
story-editor-v0.1.202206271222
story-editor-v0.1.202207041221
story-editor-v0.1.202208081316
story-editor-v0.1.202208151234
story-editor-v0.1.202208291229

templates-v0.*

templates-v0.1.202202071716
templates-v0.1.202203010801
templates-v0.1.202203150806
templates-v0.1.202203241635
templates-v0.1.202204141511
templates-v0.1.202205021257
templates-v0.1.202206201534
templates-v0.1.202206271222
templates-v0.1.202207041221
templates-v0.1.202208081316
templates-v0.1.202208151234
templates-v0.1.202208291229

text-sets-v0.*

text-sets-v0.1.202202071716
text-sets-v0.1.202203010801
text-sets-v0.1.202203150806
text-sets-v0.1.202203241635
text-sets-v0.1.202204141511
text-sets-v0.1.202205021257
text-sets-v0.1.202206201534
text-sets-v0.1.202206271222
text-sets-v0.1.202207041221
text-sets-v0.1.202208081316
text-sets-v0.1.202208151234
text-sets-v0.1.202208291229

tracking-v0.*

tracking-v0.1.202202071716
tracking-v0.1.202203010801
tracking-v0.1.202203150806
tracking-v0.1.202203241635
tracking-v0.1.202204141511
tracking-v0.1.202205021257
tracking-v0.1.202206201534
tracking-v0.1.202206271222
tracking-v0.1.202207041221
tracking-v0.1.202208081316
tracking-v0.1.202208151234
tracking-v0.1.202208291229

transform-v0.*

transform-v0.1.202202071716
transform-v0.1.202203010801
transform-v0.1.202203150806
transform-v0.1.202203241635
transform-v0.1.202204141511
transform-v0.1.202205021257
transform-v0.1.202206201534
transform-v0.1.202206271222
transform-v0.1.202207041221
transform-v0.1.202208081316
transform-v0.1.202208151234
transform-v0.1.202208291229

units-v0.*

units-v0.1.202202071716
units-v0.1.202203010801
units-v0.1.202203150806
units-v0.1.202203241635
units-v0.1.202204141511
units-v0.1.202205021257
units-v0.1.202206201534
units-v0.1.202206271222
units-v0.1.202207041221
units-v0.1.202208081316
units-v0.1.202208151234
units-v0.1.202208291229

url-v0.*

url-v0.1.202203010801
url-v0.1.202203150806
url-v0.1.202203241635
url-v0.1.202204141511
url-v0.1.202205021257
url-v0.1.202206201534
url-v0.1.202206271222
url-v0.1.202207041221
url-v0.1.202208081316
url-v0.1.202208151234
url-v0.1.202208291229

v1.*

v1.0.0
v1.0.0-alpha.1+23e6783
v1.0.0-alpha.10+780b5cf
v1.0.0-alpha.2+9290589
v1.0.0-alpha.3+30921a4
v1.0.0-alpha.4+795ce38
v1.0.0-alpha.5+7ddc322
v1.0.0-alpha.6+800825c
v1.0.0-alpha.7+a4b8821
v1.0.0-alpha.8+884d7ee
v1.0.0-alpha.9+2ce347d
v1.0.0-beta.1
v1.0.0-beta.2
v1.0.0-rc.1
v1.1.0
v1.1.1
v1.18.0
v1.18.0-rc.1
v1.18.1
v1.2
v1.4.0