Platform
python
Component
whoogle-search
Fixed in
0.8.5
CVE-2024-22205 describes a server-side request forgery (SSRF) vulnerability affecting Whoogle Search versions up to 0.8.3. This flaw allows attackers to manipulate the location parameter in the window endpoint, leading to unauthorized GET requests on behalf of the server. Successful exploitation could grant access to internal resources and potentially expose sensitive data, impacting self-hosted Whoogle Search deployments. A fix is available in version 0.8.4.
The SSRF vulnerability in Whoogle Search allows an attacker to craft arbitrary GET requests through the window endpoint. This means an attacker can potentially access internal network resources that the Whoogle Search server has access to, even if those resources are not directly accessible from the internet. This could include accessing internal APIs, databases, or other sensitive services. The impact is particularly severe because the attacker is essentially leveraging the server's credentials and network access to perform these requests. A successful attack could lead to data exfiltration, privilege escalation, or even complete compromise of the underlying server, depending on the internal resources accessed.
CVE-2024-22205 was publicly disclosed on January 23, 2024. There is currently no indication of active exploitation in the wild, but the vulnerability's CRITICAL severity and ease of exploitation suggest it could become a target. No public proof-of-concept (PoC) code has been released, but the vulnerability is relatively straightforward to exploit, increasing the likelihood of PoC development. It is not currently listed on the CISA KEV catalog.
Self-hosted Whoogle Search deployments are at direct risk. Users who have not implemented network segmentation or access controls on their Whoogle Search servers are particularly vulnerable, as an attacker could potentially leverage the SSRF to access a wide range of internal resources. Those using older, unpatched versions of Whoogle Search are most exposed.
• linux / server:
  journalctl -u whoogle_search -f | grep -i "request: GET"
• generic web:
  curl -I "http://your-whoogle-instance/window?location=http://169.254.169.254/" | grep -i "Server"
Disclosure
Exploit status
EPSS
0.30% (53rd percentile)
CVSS vector
The primary mitigation for CVE-2024-22205 is to immediately upgrade Whoogle Search to version 0.8.4 or later, which contains the necessary fix. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) or reverse proxy to filter outbound requests from the window endpoint, specifically blocking requests to internal IP ranges or sensitive internal services. Additionally, restrict network access to the Whoogle Search server to only the necessary ports and services to minimize the potential blast radius of a successful SSRF attack. After upgrading, confirm the fix by attempting to access an internal resource via the window endpoint and verifying that the request is denied or properly sanitized.
Update Whoogle Search to version 0.8.4 or later. This version fixes the server-side request forgery (SSRF) vulnerability by sanitizing the user input in the `window` endpoint. The update prevents attackers from making requests to internal or external resources through the server.
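As an added illustration of the kind of input sanitization the fix and the proxy-filtering workaround above rely on (example code written for this page, not Whoogle's own implementation), the following Python check rejects `location` values that resolve to loopback, link-local, private or otherwise non-public addresses; the `is_safe_location` and `resolve` names are assumptions.

```python
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

# Illustrative SSRF guard for a "fetch this URL for me" parameter such as
# Whoogle's window?location=...  Names here are assumptions, not Whoogle code.


def _system_resolve(host: str) -> Iterable[str]:
    # Return every A/AAAA address the system resolver knows for host.
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def _is_public_ip(addr: str) -> bool:
    # True only for globally routable unicast addresses.
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 rules apply to it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global already excludes loopback, link-local (169.254/16, the cloud
    # metadata range), RFC 1918, CGNAT and reserved space; multicast is extra.
    return ip.is_global and not ip.is_multicast


def is_safe_location(url: str, resolve: Callable[[str], Iterable[str]] = _system_resolve) -> bool:
    # Decide whether the server may fetch url on a user's behalf.
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False          # file://, gopher://, schemeless junk, empty host
    if parts.username is not None or parts.password is not None:
        return False          # http://trusted@10.0.0.1/ parser-confusion form
    host = parts.hostname
    try:
        ipaddress.ip_address(host)
        targets = [host]      # literal IP, no lookup needed
    except ValueError:
        try:
            targets = list(resolve(host))   # also catches 2130706433-style hosts
        except (socket.gaierror, UnicodeError):
            return False
    if not targets:
        return False
    # Every answer must be public; one private record in the set is a fail.
    # Caveat: this is a check-time lookup. To defeat DNS rebinding between this
    # check and the real fetch, connect to the vetted IP rather than re-resolving.
    return all(_is_public_ip(a) for a in targets)
```

The stub `resolve` argument lets the hostname cases run offline; in production the default system resolver is used.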
CVE-2024-22205 is a critical SSRF vulnerability in Whoogle Search versions 0.8.3 and earlier, allowing attackers to make unauthorized requests on behalf of the server.
You are affected if you are running Whoogle Search version 0.8.3 or earlier. Upgrade to 0.8.4 to resolve the vulnerability.
Upgrade Whoogle Search to version 0.8.4. As a temporary workaround, implement a WAF or proxy to filter outbound requests.
There is currently no confirmed active exploitation, but the vulnerability's severity makes it a potential target.
Refer to the Whoogle Search GitHub repository for updates and advisories: https://github.com/whoogle-search/whoogle-search