Cyber Resilience

CVE-2022-1561

Medium

Published: 01 August 2022

Published
01 August 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
EPSS Score 0.0019 41.1th percentile
Risk Priority 8 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-1561 is a medium-severity MAID (CWE-471) vulnerability in Krakend Krakend. Its CVSS base score is 4.0 (Medium).

Operationally, ranked at the 41.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The…

more

vulnerability does not affect KrakenD itself, but the consumed backend might be vulnerable.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

krakend
krakend
≤ 2.0.0 · ≤ 2.0.2
luraproject
lura
≤ 2.0.2

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-471

Checksums and integrity protection during transformation/packing detect unauthorized modification of data assumed to be immutable before it is transmitted.

References