
Cloud Vulnerability DB
A community-led vulnerabilities database
A Server-Side Request Forgery (SSRF) vulnerability was discovered in the Clinical-Genomics scout repository, affecting versions prior to 4.42. The vulnerability was identified in the `remote_cors` function in the alignviewers view component. This security issue was assigned CVE-2022-1592 and was discovered in May 2022 (GitHub Commit).
The vulnerability exists in the `remote_cors` function within the alignviewers view component. The issue allowed an attacker to make the application perform unauthorized requests. The fix added authentication checks and session track validation through the `check_session_tracks` function, which ensures that users requesting resources are authenticated and that the requested resources are present in the session IGV tracks (GitHub Commit).
The vulnerability could allow an attacker to perform unauthorized server-side requests through the application, potentially leading to unauthorized access to internal resources or data exposure.
The issue was fixed in scout version 4.42 by implementing proper authentication checks and session validation. Users are advised to upgrade to this version or later. The fix includes the addition of the `check_session_tracks` function, which verifies user authentication and validates that requested resources are present in the session IGV tracks (GitHub Commit).
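The kind of check described above, sketched as an added example; it is not scout's own code. The function names, the `igv_tracks` session key and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed session layout: the track URLs the server itself handed to this
# user's IGV view are stored as a list under this key.
TRACKS_KEY = "igv_tracks"


def _canonical(url):
    """Return a comparable (scheme, host, port, path, query) tuple, or None.

    None means the URL is not an acceptable http(s) resource at all.
    """
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except (ValueError, AttributeError):
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.username or parts.password:
        return None  # track URLs never need embedded credentials
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    # hostname is already lower-cased by urlsplit
    return (parts.scheme, parts.hostname, port, parts.path, parts.query)


def may_proxy(is_authenticated, session, requested_url):
    """Decide whether a proxy endpoint may fetch requested_url for this user.

    Both conditions from the fix must hold: the user is authenticated, and
    the requested resource is one of the tracks recorded in the session.
    """
    if not is_authenticated:
        return False
    wanted = _canonical(requested_url)
    if wanted is None:
        return False
    allowed = {_canonical(track) for track in session.get(TRACKS_KEY, [])}
    allowed.discard(None)
    return wanted in allowed
```

Comparing parsed components rather than raw strings keeps the allowlist exact, so a URL that merely starts with an allowed prefix does not pass.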
Source: This report was generated using AI