Platform: python
Component: ghsl-2023-186_ghsl-2023-189_benbusby_whoogle-search
Fixed in: 0.8.5
CVE-2024-22203 is a critical Server-Side Request Forgery (SSRF) vulnerability affecting Whoogle Search versions up to 0.8.4. The vulnerability stems from insufficient validation of user-controlled variables within the element method, allowing attackers to manipulate HTTP requests. Successful exploitation can grant access to internal network resources and potentially external systems, posing a significant security risk.
This SSRF vulnerability allows an attacker to craft arbitrary GET requests through Whoogle Search, effectively leveraging the server as a proxy. The attacker can target internal resources that the Whoogle Search server has access to, even if those resources are not directly accessible from the outside world. This could include accessing sensitive internal APIs, databases, or other services. The potential impact extends beyond simple information disclosure; an attacker could potentially use this SSRF to interact with internal systems, triggering actions or exfiltrating data. The lack of proper input validation makes this a high-impact vulnerability, particularly in environments where Whoogle Search is used to access internal resources.
CVE-2024-22203 was publicly disclosed on January 23, 2024. No known public exploits or active campaigns targeting this vulnerability have been reported as of this writing. The vulnerability is not currently listed on the CISA KEV catalog. The ease of exploitation, combined with the potential impact, suggests that this vulnerability should be prioritized for remediation.
Organizations running self-hosted Whoogle Search instances, particularly those with internal services accessible via the server, are at risk. Shared hosting environments where Whoogle Search is deployed alongside other applications should be carefully assessed, as a compromised Whoogle Search instance could potentially be used to attack other services on the same server.
• python / server:
  # Check the installed Whoogle Search version
  python3 -c 'import whoogle; print(whoogle.__version__)'
• generic web (the URL is quoted so the shell does not split it at the "&"):
  curl -I 'http://your-whoogle-instance/element?src_type=image&element_url=http://169.254.169.254/' | grep Server
• generic web:
  curl -I 'http://your-whoogle-instance/element?src_type=image&element_url=http://localhost:8080/' | grep Server
EPSS: 0.44% (63rd percentile)
The primary mitigation for CVE-2024-22203 is to immediately upgrade Whoogle Search to version 0.8.4 or later. This version includes the necessary fixes to validate user-controlled input and prevent the SSRF vulnerability. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with rules to block suspicious outbound requests originating from the Whoogle Search server. Restrict network access for the Whoogle Search server to only the necessary internal resources to limit the potential blast radius of a successful exploitation. Carefully review and audit any internal APIs or services that Whoogle Search might access.
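As an added illustration of the input validation the fix above refers to (example code written for this page, not Whoogle Search's own implementation), here is a check a proxy endpoint can apply to a user-supplied URL before fetching it on a client's behalf. The function name `is_safe_fetch_url`, the optional `allowed_hosts` parameter and the stand-in resolver table are assumptions constructed for this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _blocked(ip) -> bool:
    """True for any address a server-side fetch must never reach."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return (ip.is_loopback or ip.is_link_local or ip.is_private
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)


def system_resolver(host: str) -> list:
    """Real DNS lookup; returns every address the host resolves to."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def constructed_resolver(host: str) -> list:
    """Stand-in DNS table for offline demonstration (constructed, not real data)."""
    table = {"images.example.org": ["93.184.216.34"],
             "intranet.example": ["10.0.0.5"]}
    if host not in table:
        raise socket.gaierror(f"no such host: {host}")
    return table[host]


def is_safe_fetch_url(url, resolver=system_resolver, allowed_hosts=None) -> bool:
    """Decide whether a proxy endpoint may fetch `url` for a client.

    Rejects non-HTTP schemes, hosts outside the optional allowlist, and any
    literal or resolved address in loopback, link-local (cloud metadata),
    private or otherwise non-routable space. Unresolvable hosts fail closed.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not host:
        return False
    if allowed_hosts is not None and host not in allowed_hosts:
        return False
    if host == "localhost" or host.endswith(".localhost"):
        return False
    try:
        ips = [ipaddress.ip_address(host)]          # literal IP in the URL
    except ValueError:
        try:
            ips = [ipaddress.ip_address(a) for a in resolver(host)]
        except (OSError, ValueError):
            return False
    return bool(ips) and not any(_blocked(ip) for ip in ips)
```

Checking the resolved address at validation time still leaves a window if the DNS answer changes between the check and the connect; connecting to the exact address that was validated closes it.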
Update Whoogle Search to version 0.8.4 or higher. This version fixes the Server-Side Request Forgery (SSRF) vulnerability. The update prevents attackers from making requests to internal or external resources through the server.
CVE-2024-22203 is a critical Server-Side Request Forgery (SSRF) vulnerability in Whoogle Search versions up to 0.8.4, allowing attackers to make requests on behalf of the server.
You are affected if you are running Whoogle Search versions prior to 0.8.4. Upgrade immediately to mitigate the risk.
Upgrade Whoogle Search to version 0.8.4 or later. Consider WAF rules as a temporary workaround if immediate upgrade is not possible.
No active exploitation has been publicly reported as of this writing, but the vulnerability's impact warrants immediate attention.
Refer to the Whoogle Search GitHub repository for updates and advisories: https://github.com/whoogle-search/whoogle-search