CVE-2022-28108
HIGH
Selenium Grid < 4.0.0 - CSRF
Title source: ruleDescription
Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.
Exploits (3)
metasploit
WORKING POC
EXCELLENT
by Jon Stratton, Takahiro Yokoyama · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/selenium_greed_firefox_rce_cve_2022_28108.rb
metasploit
WORKING POC
EXCELLENT
by randomstuff (Gabriel Corona), Wiz Research, Takahiro Yokoyama · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/selenium_greed_chrome_rce_cve_2022_28108.rb
References (3)
Scores
CVSS v3
8.8
EPSS
0.2238
EPSS Percentile
95.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (4)
org.seleniumhq.selenium/selenium-grid
0 - 4.0.0-alpha-7 (Maven)
org.seleniumhq.selenium/selenium-server
0 (Maven)
selenium/selenium_grid
4.0.0 (7 CPE variants)
selenium/selenium_grid
< 4.0.0
Published
Apr 19, 2022
Tracked Since
Feb 18, 2026