Security Advisory

CVE-2022-23206

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-02-06 15:15:10

Last updated 2024-08-03 03:36:20

Assigner apache

State PUBLISHED

Description

In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach.

← Browse all CVEs View on cve.org ↗