{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-27T13:22:54.843","vulnerabilities":[{"cve":{"id":"CVE-2022-31196","sourceIdentifier":"security-advisories@github.com","published":"2022-09-02T20:15:08.440","lastModified":"2026-06-17T04:45:00.620","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7."},{"lang":"es","value":"Databasir es una plataforma de administración de metadatos de bases de datos. Databasir versiones anteriores a 1.06 incluyéndola, presenta una vulnerabilidad de tipo Server-Side Request Forgery (SSRF). La SSRF es desencadenada mediante el envío de una **sola** petición HTTP POST para crear una base de datosType. Al suministrar un \"jdbcDriverFileUrl\" que devuelve un código de respuesta que no es \"200\", la url es ejecutada, la respuesta es registrada (tanto en el terminal como en la base de datos) y es incluido en la respuesta. Esto permitiría a un atacante obtener la dirección IP real y escanear la información de la Intranet. Este problema fue corregido en versión 1.0.7"}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vran-dev","product":"databasir","versions":[{"version":"< 1.0.7","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-22T15:44:40.488360Z","id":"CVE-2022-31196","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:databasir:databasir:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.7","matchCriteriaId":"6CFB6810-D4F4-428F-B799-30955E9B3D0F"}]}]}],"references":[{"url":"https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/vran-dev/databasir/releases/tag/v1.0.7","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/vran-dev/databasir/security/advisories/GHSA-qvg8-427f-852q","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/vran-dev/databasir/releases/tag/v1.0.7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/vran-dev/databasir/security/advisories/GHSA-qvg8-427f-852q","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}