Platform
python
Component
whoogle-search
Fixed in
0.8.5
CVE-2024-22205 describes a server-side request forgery (SSRF) vulnerability affecting Whoogle Search versions up to 0.8.3. This flaw allows attackers to manipulate the location parameter in the window endpoint, leading to unauthorized GET requests on behalf of the server. Successful exploitation could grant access to internal resources and potentially expose sensitive data, impacting self-hosted Whoogle Search deployments. A fix is available in version 0.8.4.
The SSRF vulnerability in Whoogle Search allows an attacker to craft arbitrary GET requests through the window endpoint. This means an attacker can potentially access internal network resources that the Whoogle Search server has access to, even if those resources are not directly accessible from the internet. This could include accessing internal APIs, databases, or other sensitive services. The impact is particularly severe because the attacker is essentially leveraging the server's credentials and network access to perform these requests. A successful attack could lead to data exfiltration, privilege escalation, or even complete compromise of the underlying server, depending on the internal resources accessed.
CVE-2024-22205 was publicly disclosed on January 23, 2024. There is currently no indication of active exploitation in the wild, but the vulnerability's CRITICAL severity and ease of exploitation suggest it could become a target. No public proof-of-concept (PoC) code has been released, but the vulnerability is relatively straightforward to exploit, increasing the likelihood of PoC development. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.30% (53% percentile)
CVSS Vector
The primary mitigation for CVE-2024-22205 is to immediately upgrade Whoogle Search to version 0.8.4 or later, which contains the necessary fix. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) or reverse proxy to filter outbound requests from the window endpoint, specifically blocking requests to internal IP ranges or sensitive internal services. Additionally, restrict network access to the Whoogle Search server to only the necessary ports and services to minimize the potential blast radius of a successful SSRF attack. After upgrading, confirm the fix by attempting to access an internal resource via the window endpoint and verifying that the request is denied or properly sanitized.
Update Whoogle Search to version 0.8.4 or higher. This version fixes the Server Side Request Forgery (SSRF) vulnerability by sanitizing user input in the `window` endpoint. The update will prevent attackers from making requests to internal or external resources through the server.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-22205 is a critical SSRF vulnerability in Whoogle Search versions 0.8.3 and earlier, allowing attackers to make unauthorized requests on behalf of the server.
You are affected if you are running Whoogle Search version 0.8.3 or earlier. Upgrade to 0.8.4 to resolve the vulnerability.
Upgrade Whoogle Search to version 0.8.4. As a temporary workaround, implement a WAF or proxy to filter outbound requests.
There is currently no confirmed active exploitation, but the vulnerability's severity makes it a potential target.
Refer to the Whoogle Search GitHub repository for updates and advisories: https://github.com/whoogle-search/whoogle-search
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.