CVE-2022-39383

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-39383
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39383.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-39383
Aliases
Related
Published
2022-11-16T20:15:10Z
Modified
2025-01-14T11:08:44.171725Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

KubeVela is an open source application delivery platform. Users using the VelaUX APIServer could be affected by this vulnerability. When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability. Users who're using v1.6, please update the v1.6.1. Users who're using v1.5, please update the v1.5.8. There are no known workarounds for this issue.

References

Affected packages

Git / github.com/kubevela/kubevela

Affected ranges

Type
GIT
Repo
https://github.com/kubevela/kubevela
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.0.1
v0.0.1-alpha
v0.0.1.1
v0.0.1.2
v0.0.2
v0.0.3
v0.0.4
v0.0.7
v0.0.8
v0.0.9
v0.1.0
v0.1.1
v0.1.2
v0.2.0
v0.2.1
v0.2.2
v0.3.0
v0.3.1
v0.3.2
v0.3.3

v1.*

v1.0.0
v1.0.0-rc1
v1.0.0-rc2
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.0
v1.1.0-alpha.1
v1.1.0-alpha.2
v1.1.0-alpha.3
v1.1.0-alpha.4
v1.1.0-alpha.5
v1.1.0-beta.1
v1.1.0-beta.2
v1.1.0-beta.3
v1.1.0-rc.1
v1.1.0-rc.2
v1.1.1
v1.1.2
v1.1.3
v1.2.0
v1.2.0-beta.1
v1.2.0-beta.2
v1.2.0-beta.3
v1.2.0-rc.1
v1.2.0-rc.2
v1.2.1
v1.3.0
v1.3.0-alpha.1
v1.3.0-beta.1
v1.3.0-beta.2
v1.4.0-alpha.1
v1.4.0-alpha.2
v1.4.0-alpha.3
v1.4.0-beta.1
v1.5.0
v1.5.0-alpha.1
v1.5.0-alpha.2
v1.5.0-alpha.3
v1.5.0-beta.1
v1.5.0-beta.2
v1.5.0-beta.3
v1.5.0-beta.4
v1.5.0-beta.5
v1.5.0-beta.6
v1.5.0-beta.7
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.8

vela-v0.*

vela-v0.0.2-alpha