In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-03T03:36:20.177Z

Reserved: 2022-01-13T00:00:00.000Z

Link: CVE-2022-23206

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-02-06T16:15:07.593

Modified: 2026-06-17T04:29:41.063

Link: CVE-2022-23206

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.