NocoDB information disclosure vulnerability

GHSA-mx8q-jqwm-85mv · CVE-2022-2062

Published Jun 14, 2022 · Modified Nov 8, 2023

Description

In NocoDB prior to 0.91.7, the SMTP plugin doesn't have verification or validation. This allows attackers to make requests to internal servers and read the contents.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-2062
WEB https://github.com/nocodb/nocodb/commit/a18f5dd53811b9ec1c1bb2fdbfb328c0c87d7fb4
PACKAGE https://github.com/nocodb/nocodb
WEB https://huntr.dev/bounties/35593b4c-f127-4699-8ad3-f0b2203a8ef6

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes