SSRF in Proxmox Proxmox_mail_gateway
CVE-2022-35508
Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSR…
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.012 (63.6th percentile).
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2022-35508?
  CVE-2022-35508 is a critical-severity vulnerability in Proxmox Proxmox_mail_gateway, classified under Server-Side Request Forgery (SSRF). CVSS score: 9.8/10. Published 2022-12-04.
- How severe is CVE-2022-35508?
  Critical severity. CVSS v3 base score is 9.8 out of 10.