CVE-2021-22255

7.7 HIGH

📋 TL;DR

This vulnerability allows authenticated users in Baserow to perform Server-Side Request Forgery (SSRF) attacks via URL file upload functionality. Attackers can exploit this to retrieve files from internal HTTP servers within the network. Only Baserow instances running versions below 1.1.0 are affected.

💻 Affected Systems

Products:
  • Baserow
Versions: All versions < 1.1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access sensitive internal files, credentials, or metadata from cloud provider instances, potentially leading to lateral movement and full network compromise.

🟠

Likely Case

Unauthorized access to internal HTTP services and file retrieval from internal servers, exposing sensitive data.

🟢

If Mitigated

Limited impact with proper network segmentation and internal service authentication in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1.0

Vendor Advisory: https://baserow.io/blog/march-2021-release-of-baserow

Restart Required: Yes

Instructions:

1. Backup your Baserow instance.
2. Update to Baserow version 1.1.0 or later.
3. Restart the Baserow service.

🔧 Temporary Workarounds

Disable URL file upload (applies to: all)

Temporarily disable the URL file upload functionality until patching is possible. Modify the Baserow configuration to remove the URL upload options.

Network segmentation (applies to: all)

Restrict the Baserow server's network access to internal HTTP services. Configure firewall rules to block the Baserow server from reaching internal HTTP services.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Baserow from internal HTTP services
  • Monitor for suspicious file upload activities and internal network requests from Baserow

🔍 How to Verify

Check if Vulnerable:

Check Baserow version via admin interface or configuration files. If version is below 1.1.0, the system is vulnerable.

Check Version:

Check Baserow admin dashboard or configuration files for version information

Verify Fix Applied:

Confirm Baserow version is 1.1.0 or higher and test URL file upload functionality with internal addresses.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload requests with internal IP addresses or URLs
  • Multiple failed attempts to access internal services

Network Indicators:

  • Outbound HTTP requests from Baserow server to internal network addresses
  • Unusual traffic patterns from Baserow to internal services

SIEM Query:

source="baserow" AND (url_upload OR internal_ip_request)
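As an added example (not part of this advisory and not Baserow's own code), the log-indicator checks above applied to constructed log lines in a hypothetical key=value format: each upload-by-URL event is flagged when its target is a loopback, private, link-local (including the 169.254.169.254 cloud metadata address), reserved or non-HTTP(S) destination.

```python
from __future__ import annotations
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample lines in a hypothetical "upload via URL" log format
# (not Baserow's real log format); the user-supplied URL is the last field.
SAMPLE_LOG = """\
2021-03-02T10:01:12Z user=alice action=upload_via_url url=https://example.org/report.pdf
2021-03-02T10:02:40Z user=bob action=upload_via_url url=http://169.254.169.254/latest/meta-data/
2021-03-02T10:03:05Z user=bob action=upload_via_url url=http://10.0.3.7:8080/admin/backup.zip
2021-03-02T10:03:30Z user=carol action=upload_via_url url=http://localhost:5432/
2021-03-02T10:04:01Z user=dave action=upload_via_url url=file:///etc/passwd
"""

LINE_RE = re.compile(r"user=(?P<user>\S+) action=upload_via_url url=(?P<url>\S+)")

def is_internal_target(url: str) -> bool:
    """True when the URL points at something an SSRF defender cares about:
    a non-HTTP(S) scheme, a 'localhost' name, or a literal IP that is
    loopback, private, link-local (cloud metadata), reserved or multicast."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return True
    host = parts.hostname or ""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name: resolving it is out of scope for an offline log scan
        # (resolution-time checks belong in the application itself).
        return False
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast)

def flag_suspicious_uploads(log_text: str) -> list[tuple[str, str]]:
    """Return (user, url) pairs for upload-by-URL events aimed at internal targets."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and is_internal_target(m.group("url")):
            hits.append((m.group("user"), m.group("url")))
    return hits

if __name__ == "__main__":
    for user, url in flag_suspicious_uploads(SAMPLE_LOG):
        print(f"ALERT user={user} url={url}")
```

Hostnames that resolve to internal addresses are not caught by a log-only scan; that case needs the check at request time, after DNS resolution.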
