Overview
Recipes versions 0.9.1 through 1.2.5 are vulnerable to Server-Side Request Forgery (SSRF) in the “Import Recipe” functionality. By entering a localhost URL, a low-privileged attacker can read the internal file system and access sensitive information.
PoC Details
Access the application through a browser and log in as a user. Then navigate to “import recipes” by clicking the import button on the dashboard. For PoC purposes, make sure your system is listening on a certain port. Select the manual option and enter the localhost URL: <loopback_address>:<open_port>. Proceed with the request. Now, under Discovered Attribute, click “Html”. You will be able to see the list of files.
Affected Environments
0.9.1 through 1.2.5
Prevention
Update to version 1.2.6 or higher.
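For import features of this kind, the server-side defence is to check where a user-supplied URL points before fetching it. The following is an added example, not the Recipes project's fix or code: the names `is_url_allowed`, `is_public_ip` and `system_resolve` are hypothetical, and the hostnames and addresses in the demo are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def system_resolve(host):
    """Return every address the OS resolver gives for host."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def is_public_ip(text):
    """True only for globally routable, non-multicast addresses."""
    ip = ipaddress.ip_address(text.split("%")[0])  # drop any IPv6 zone id
    # IPv4-mapped IPv6 (::ffff:a.b.c.d) must be judged as its IPv4 form.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def is_url_allowed(url, resolve=system_resolve):
    """Decide whether the server may fetch a user-supplied import URL."""
    try:
        parts = urlsplit(url)
        if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
            return False
        addresses = resolve(parts.hostname)
        # Every record must be public; one internal address rejects the URL.
        return bool(addresses) and all(is_public_ip(a) for a in addresses)
    except (ValueError, OSError):
        return False  # malformed URL or unresolvable host


if __name__ == "__main__":
    # Constructed resolver data so the demo runs offline.
    records = {
        "recipes.example": ["93.184.216.34"],
        "localhost": ["127.0.0.1", "::1"],
        "mixed.example": ["93.184.216.34", "10.0.0.5"],
    }
    for url in ("https://recipes.example/cake", "http://localhost:8000/",
                "http://mixed.example/", "file:///etc/passwd"):
        print(url, "->", is_url_allowed(url, resolve=records.__getitem__))
```

The check only holds if the fetch then connects to an address that was validated, and if every redirect target is passed through the same check before it is followed.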