[SSRF] CVE-2023-27163 #91
Comments
Any update on this?
There's no decent protection for such a feature. Even with every single suspicious URL filtered out, one could use a redirection to hit localhost anyway. If we want to keep such a feature (which I do), the only solution is to make it admin-only (i.e. enter the master key).
Thank you @ZanyMonk, that is true; it's quite complicated to implement a protection within a service, and it's much easier to sandbox the service itself with properly defined firewall rules. One of the options is a separate project on the cloud provider; another is to use containers like Docker, LXC, etc. with a properly isolated network. This issue was already discussed in this feature request: #79 (comment). Nevertheless, my plan is to introduce a command line parameter for the service that enables forwarding, so the feature would be disabled by default. This should at least solve one problem: anyone without a real understanding of the security implications running the Request Baskets service with default settings and without proper network isolation, and therefore opening a back door to their internal network infrastructure.
Contains a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
https://nvd.nist.gov/vuln/detail/CVE-2023-27163
https://notes.sjtu.edu.cn/s/MUUhEymt7
https://github.com/entr0pie/CVE-2023-27163
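As an added example that is not part of this issue or of the Request Baskets code base, the following Go program (Go being the language the project is written in) shows the two points made in the thread: ZanyMonk's observation that filtering the submitted URL does not help because the target can answer with a redirect to localhost, and why the maintainer's answer is network isolation plus an off-by-default switch rather than a smarter filter. It contrasts a pre-flight URL check (which only sees the first hop) with a client that enforces the policy at dial time, on the resolved IP of every connection, including the ones opened to follow a redirect. The names isInternal, checkTarget, newForwardClient and Demo, the two loopback test servers, and the body "internal-only-secret" are all constructed for this example and are not identifiers from the project.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"net/url"
	"syscall"
)

// isInternal: loopback, RFC 1918 / ULA, link-local (169.254.169.254 metadata), multicast, unspecified.
func isInternal(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsMulticast() || ip.IsUnspecified()
}

// checkTarget is the pre-flight check on the forward URL a basket owner submits. It sees
// only the first hop, so a public host answering "302 Location: http://127.0.0.1/" gets past it.
func checkTarget(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("forward blocked: scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname()
	ips := []net.IP{net.ParseIP(host)}
	if ips[0] == nil { // not an IP literal: resolve it
		if ips, err = net.LookupIP(host); err != nil {
			return fmt.Errorf("forward blocked: cannot resolve %q: %w", host, err)
		}
	}
	for _, ip := range ips {
		if isInternal(ip) {
			return fmt.Errorf("forward blocked: %s resolves to internal address %s", host, ip)
		}
	}
	return nil
}

// newForwardClient enforces the policy where it is decisive: in the dialer, on the IP about
// to be connected to. Control runs after name resolution for every connection the client
// opens, so redirects, alternate spellings (127.1, ::ffff:127.0.0.1) and names resolving inward are caught.
func newForwardClient() *http.Client {
	d := &net.Dialer{
		Control: func(_, address string, _ syscall.RawConn) error {
			host, _, err := net.SplitHostPort(address)
			if err != nil {
				return err
			}
			if ip := net.ParseIP(host); ip == nil || isInternal(ip) {
				return fmt.Errorf("forward blocked: %s is not a public address", host)
			}
			return nil
		},
	}
	return &http.Client{
		// Proxy is nil on purpose: with HTTP_PROXY set the dialer would connect to the proxy, not the target.
		Transport: &http.Transport{DialContext: d.DialContext, Proxy: nil},
		CheckRedirect: func(_ *http.Request, via []*http.Request) error {
			if len(via) >= 3 {
				return fmt.Errorf("forward blocked: too many redirects")
			}
			return nil
		},
	}
}

// Demo reproduces the redirect bypass offline with two constructed servers and
// returns what a plain client fetched and the error the hardened client hit.
func Demo() (leaked string, blocked error) {
	// "internal-only-secret" is constructed sample data standing in for an internal service.
	internal := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { io.WriteString(w, "internal-only-secret") }))
	defer internal.Close()
	redirector := httptest.NewServer(http.RedirectHandler(internal.URL+"/secret", http.StatusFound))
	defer redirector.Close()
	// A plain client follows the 302 inward and hands the body back.
	plain := &http.Client{Transport: &http.Transport{}}
	if resp, err := plain.Get(redirector.URL); err == nil {
		b, _ := io.ReadAll(resp.Body)
		resp.Body.Close()
		leaked = string(b)
	}
	// The hardened client refuses at dial time. Both servers sit on loopback here, so it
	// refuses the first hop; with a public redirector it would refuse the hop to 127.0.0.1.
	_, blocked = newForwardClient().Get(redirector.URL)
	return leaked, blocked
}

func main() {
	leaked, blocked := Demo()
	fmt.Printf("plain client got %q\nhardened client: %v\n", leaked, blocked)
}
```

Run it with `go run`. The dial-time check is defence in depth, not a replacement for what the thread settles on: a host that is public by address but fronts internal services is indistinguishable here, so the service still belongs behind its own firewall rules or in an isolated container network, with forwarding off unless explicitly enabled. A production version would also set dialer and client timeouts, which are omitted above for brevity.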