Whoogle Search Server Side Request Forgery vulnerability
Plattform
python
Komponente
ghsl-2023-186_ghsl-2023-189_benbusby_whoogle-search
Behoben in
0.8.5
CVE-2024-22203 is a critical Server-Side Request Forgery (SSRF) vulnerability affecting Whoogle Search versions up to 0.8.4. The vulnerability stems from insufficient validation of user-controlled variables within the element method, allowing attackers to manipulate HTTP requests. Successful exploitation can grant access to internal network resources and potentially external systems, posing a significant security risk.
Erkenne diese CVE in deinem Projekt
Lade deine requirements.txt-Datei hoch und wir sagen dir sofort, ob du betroffen bist.
Auswirkungen und Angriffsszenarienwird übersetzt…
This SSRF vulnerability allows an attacker to craft arbitrary GET requests through Whoogle Search, effectively leveraging the server as a proxy. The attacker can target internal resources that the Whoogle Search server has access to, even if those resources are not directly accessible from the outside world. This could include accessing sensitive internal APIs, databases, or other services. The potential impact extends beyond simple information disclosure; an attacker could potentially use this SSRF to interact with internal systems, triggering actions or exfiltrating data. The lack of proper input validation makes this a high-impact vulnerability, particularly in environments where Whoogle Search is used to access internal resources.
Ausnutzungskontextwird übersetzt…
CVE-2024-22203 was publicly disclosed on January 23, 2024. No known public exploits or active campaigns targeting this vulnerability have been reported as of this writing. The vulnerability is not currently listed on the CISA KEV catalog. The ease of exploitation, combined with the potential impact, suggests that this vulnerability should be prioritized for remediation.
Wer Ist Gefährdetwird übersetzt…
Organizations running self-hosted Whoogle Search instances, particularly those with internal services accessible via the server, are at risk. Shared hosting environments where Whoogle Search is deployed alongside other applications should be carefully assessed, as a compromised Whoogle Search instance could potentially be used to attack other services on the same server.
Erkennungsschrittewird übersetzt…
• python / server:
# Check for Whoogle Search version
python3 -c 'import whoogle; print(whoogle.__version__)'• generic web:
curl -I http://your-whoogle-instance/element?src_type=image&element_url=http://169.254.169.254/ | grep Server• generic web:
curl -I http://your-whoogle-instance/element?src_type=image&element_url=http://localhost:8080/ | grep ServerAngriffszeitlinie
- Disclosure
disclosure
Bedrohungsanalyse
Exploit-Status
EPSS
0.44% (63% Perzentil)
CVSS-Vektor
Was bedeuten diese Metriken?
- Attack Vector
- Netzwerk — aus der Ferne über das Internet ausnutzbar. Kein physischer oder lokaler Zugriff erforderlich.
- Attack Complexity
- Niedrig — keine besonderen Bedingungen erforderlich. Zuverlässig ausnutzbar.
- Privileges Required
- Keine — ohne Authentifizierung ausnutzbar. Keine Zugangsdaten erforderlich.
- User Interaction
- Keine — automatischer und lautloser Angriff. Das Opfer tut nichts.
- Scope
- Unverändert — Auswirkung auf das anfällige Komponente beschränkt.
- Confidentiality
- Hoch — vollständiger Vertraulichkeitsverlust. Angreifer kann alle Daten lesen.
- Integrity
- Hoch — Angreifer kann beliebige Daten schreiben, ändern oder löschen.
- Availability
- Keine — kein Verfügbarkeitseinfluss.
Betroffene Software
Schwachstellen-Klassifikation (CWE)
Zeitleiste
- Reserviert
- Veröffentlicht
- Geändert
- EPSS aktualisiert
Mitigation und Workaroundswird übersetzt…
The primary mitigation for CVE-2024-22203 is to immediately upgrade Whoogle Search to version 0.8.4 or later. This version includes the necessary fixes to validate user-controlled input and prevent the SSRF vulnerability. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with rules to block suspicious outbound requests originating from the Whoogle Search server. Restrict network access for the Whoogle Search server to only the necessary internal resources to limit the potential blast radius of a successful exploitation. Carefully review and audit any internal APIs or services that Whoogle Search might access.
So beheben
Aktualisieren Sie Whoogle Search auf Version 0.8.4 oder höher. Diese Version behebt die Server-Side Request Forgery (SSRF)-Schwachstelle. Das Update verhindert, dass Angreifer Anfragen an interne oder externe Ressourcen über den Server stellen können.
CVE-Sicherheitsnewsletter
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
Häufig gestellte Fragenwird übersetzt…
What is CVE-2024-22203 — SSRF in Whoogle Search?
CVE-2024-22203 is a critical Server-Side Request Forgery (SSRF) vulnerability in Whoogle Search versions up to 0.8.4, allowing attackers to make requests on behalf of the server.
Am I affected by CVE-2024-22203 in Whoogle Search?
You are affected if you are running Whoogle Search versions prior to 0.8.4. Upgrade immediately to mitigate the risk.
How do I fix CVE-2024-22203 in Whoogle Search?
Upgrade Whoogle Search to version 0.8.4 or later. Consider WAF rules as a temporary workaround if immediate upgrade is not possible.
Is CVE-2024-22203 being actively exploited?
No active exploitation has been publicly reported as of this writing, but the vulnerability's impact warrants immediate attention.
Where can I find the official Whoogle Search advisory for CVE-2024-22203?
Refer to the Whoogle Search GitHub repository for updates and advisories: https://github.com/whoogle-search/whoogle-search
Ist dein Projekt betroffen?
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.