SSRF in Proxmox Proxmox_mail_gateway

CVE-2022-35508

Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSR…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.012 (63.6th percentile).

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2022-35508?
CVE-2022-35508 is a critical-severity vulnerability in Proxmox Proxmox_mail_gateway, classified under Server-Side Request Forgery (SSRF). CVSS score: 9.8/10. Published 2022-12-04.

How severe is CVE-2022-35508?
Critical severity. CVSS v3 base score is 9.8 out of 10.