CVE-2022-2339

7.5 HIGH

📋 TL;DR

CVE-2022-2339 is a Server-Side Request Forgery (SSRF) vulnerability in NocoDB that allows attackers to make requests to internal network resources from the vulnerable server. This can lead to sensitive information disclosure from internal systems. Users running vulnerable versions of NocoDB are affected.

💻 Affected Systems

Products:
  • NocoDB
Versions: All builds prior to fix commit 000ecd886738b965b5997cd905825e3244f48b95
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected NocoDB versions are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of internal network resources accessible to the server, including cloud metadata services, internal APIs, and sensitive data stores.

🟠 Likely Case

Information disclosure from internal services, potentially including credentials, configuration data, and proprietary information.

🟢 If Mitigated

Limited impact with proper network segmentation and egress filtering in place.

🌐 Internet-Facing: HIGH - Internet-facing instances can be directly exploited by external attackers.
🏢 Internal Only: MEDIUM - Internal instances still vulnerable to authenticated attackers or those with network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of access to the NocoDB interface, but the SSRF technique itself is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions including commit 000ecd886738b965b5997cd905825e3244f48b95

Vendor Advisory: https://github.com/nocodb/nocodb/commit/000ecd886738b965b5997cd905825e3244f48b95

Restart Required: Yes

Instructions:

1. Update NocoDB to a build containing commit 000ecd886738b965b5997cd905825e3244f48b95 or later.
2. Restart the NocoDB service.
3. Verify the fix by testing SSRF attempts.

🔧 Temporary Workarounds

Network Segmentation

Platform: all

Restrict outbound network access from NocoDB servers to only the external resources they actually need.

Input Validation

Platform: all

Implement URL validation that rejects requests to internal IP addresses and localhost.

🧯 If You Can't Patch

  • Implement strict network egress filtering to block requests to internal IP ranges from the NocoDB server.
  • Use a reverse proxy or WAF to filter and validate all outbound requests from the application.

🔍 How to Verify

Check if Vulnerable:

Check whether the deployed NocoDB build predates commit 000ecd886738b965b5997cd905825e3244f48b95. Confirm by attempting to make a request to an internal resource through the application.

Check Version:

Check NocoDB version in application interface or deployment configuration.

Verify Fix Applied:

After patching, attempt SSRF attacks to internal addresses and verify they are blocked or properly validated.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from NocoDB server to internal IP addresses
  • Requests to cloud metadata endpoints (169.254.169.254, etc.)

Network Indicators:

  • HTTP traffic from NocoDB server to internal network segments not normally accessed

SIEM Query:

source_ip="nocoDB_server_ip" AND dest_ip IN (RFC1918_ranges, 127.0.0.0/8, 169.254.169.254)

🔗 References