← back
CVE-2022-1592

Server-Side Request Forgery in scout in clinical-genomics/scout

CVSS 9.4 CRITICALEPSS 1.1%CWE-918
Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Affected products
clinical-genomics · clinical-genomics/scout
public PoCs found1
githubgithub.com/AdnanApriliyansyahh/CVE-2022-15921
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/clinical-genomics/scout/commit/b0ef15f4737d0c801154c1991b52ff5cab4f5c83https://huntr.dev/bounties/352b39da-0f2e-415a-9793-5480cae8bd27