UBUNTU-CVE-2022-35583

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-35583

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-35583.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-35583

Related

CVE-2022-35583

Published

2022-08-22T16:15:00Z

Modified

2024-12-18T16:41:39Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on it's source. This allows the attacker to takeover the whole infrastructure by accessing their internal assets.

References

Affected packages

Ubuntu:Pro:14.04:LTS / wkhtmltopdf

Package

Name: wkhtmltopdf
Purl: pkg:deb/ubuntu/wkhtmltopdf?arch=src?distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.9-4

0.9.9-4ubuntu0.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / wkhtmltopdf

Package

Name: wkhtmltopdf
Purl: pkg:deb/ubuntu/wkhtmltopdf?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.12.2.4-1

0.12.2.4-1ubuntu0.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / wkhtmltopdf

Package

Name: wkhtmltopdf
Purl: pkg:deb/ubuntu/wkhtmltopdf?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.12.3.2-3

0.12.4-1

0.12.4-1ubuntu0.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / wkhtmltopdf

Package

Name: wkhtmltopdf
Purl: pkg:deb/ubuntu/wkhtmltopdf?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.12.5-1

0.12.5-1build1

0.12.5-1ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / wkhtmltopdf

Package

Name: wkhtmltopdf
Purl: pkg:deb/ubuntu/wkhtmltopdf?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.12.6-1

0.12.6-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / wkhtmltopdf

Package

Name: wkhtmltopdf
Purl: pkg:deb/ubuntu/wkhtmltopdf?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.12.6-2build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / wkhtmltopdf

Package

Name: wkhtmltopdf
Purl: pkg:deb/ubuntu/wkhtmltopdf?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.12.6-2

0.12.6-2build1

0.12.6-2build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}