Platform: python
Component: whoogle-search
Fixed in: 0.8.5
CVE-2024-22205 describes a server-side request forgery (SSRF) vulnerability affecting Whoogle Search versions up to 0.8.3. This flaw allows attackers to manipulate the location parameter in the window endpoint, leading to unauthorized GET requests on behalf of the server. Successful exploitation could grant access to internal resources and potentially expose sensitive data, impacting self-hosted Whoogle Search deployments. A fix is available in version 0.8.4.
The SSRF vulnerability in Whoogle Search allows an attacker to craft arbitrary GET requests through the window endpoint. This means an attacker can potentially access internal network resources that the Whoogle Search server has access to, even if those resources are not directly accessible from the internet. This could include accessing internal APIs, databases, or other sensitive services. The impact is particularly severe because the attacker is essentially leveraging the server's credentials and network access to perform these requests. A successful attack could lead to data exfiltration, privilege escalation, or even complete compromise of the underlying server, depending on the internal resources accessed.
CVE-2024-22205 was publicly disclosed on January 23, 2024. There is currently no indication of active exploitation in the wild, but the vulnerability's CRITICAL severity and ease of exploitation suggest it could become a target. No public proof-of-concept (PoC) code has been released, but the vulnerability is relatively straightforward to exploit, increasing the likelihood of PoC development. It is not currently listed on the CISA KEV catalog.
Self-hosted Whoogle Search deployments are at direct risk. Users who have not implemented network segmentation or access controls on their Whoogle Search servers are particularly vulnerable, as an attacker could potentially leverage the SSRF to access a wide range of internal resources. Those using older, unpatched versions of Whoogle Search are most exposed.
• linux / server:
journalctl -u whoogle_search -f | grep -i "request: GET"
• generic web:
curl -I http://your-whoogle-instance/window?location=http://169.254.169.254/ | grep -i "Server"
Disclosure
Exploit status
EPSS
0.30% (53rd percentile)
CVSS vector
The primary mitigation for CVE-2024-22205 is to immediately upgrade Whoogle Search to version 0.8.4 or later, which contains the necessary fix. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) or reverse proxy to filter outbound requests from the window endpoint, specifically blocking requests to internal IP ranges or sensitive internal services. Additionally, restrict network access to the Whoogle Search server to only the necessary ports and services to minimize the potential blast radius of a successful SSRF attack. After upgrading, confirm the fix by attempting to access an internal resource via the window endpoint and verifying that the request is denied or properly sanitized.
Update Whoogle Search to version 0.8.4 or later. That version fixes the Server Side Request Forgery (SSRF) vulnerability by sanitizing user input on the `window` endpoint. Updating prevents attackers from making requests to internal or external resources through the server.
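The mitigation above and the detection commands earlier both come down to one policy: a `location` value handed to the window endpoint must not point at loopback, private, link-local (169.254.0.0/16, where cloud metadata services sit) or otherwise non-routable address space. The following is an added illustration of that policy, not Whoogle Search's own code and not the 0.8.4 fix: the function names, the nginx/Apache combined log format and the sample log lines are all constructed here. The same check is then run over the sample log to flag window requests that would have been denied.

```python
"""Outbound-target policy for an SSRF-prone URL parameter, plus a scan of
web-server access logs for window requests that violate it.

Added illustration, not Whoogle Search's own code or its 0.8.4 fix: the
function names, the log format and the log lines below are constructed.
"""
import ipaddress
import re
import socket
from urllib.parse import parse_qs, urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Matches the request line of a combined-format access log entry for the
# window endpoint, e.g. "GET /window?location=... HTTP/1.1" (assumed format).
WINDOW_REQUEST = re.compile(r'"GET (/window\?[^ "]*) HTTP/')


def _candidate_addresses(host):
    """All IP addresses a fetch of `host` could connect to.

    IP literals (including IPv4-mapped IPv6 such as ::ffff:127.0.0.1) are
    taken as-is; hostnames are resolved and every returned address is
    checked, so a name with one public and one private record still fails.
    Unresolvable names yield an empty list, which the caller treats as deny.
    """
    try:
        addr = ipaddress.ip_address(host)
        return [addr.ipv4_mapped or addr] if addr.version == 6 else [addr]
    except ValueError:
        pass  # not an IP literal, fall through to DNS resolution
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    # sockaddr[0] may carry a "%scope" suffix for IPv6 link-local addresses
    return [ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos]


def target_is_allowed(url):
    """Return True only if every address behind `url` is globally routable.

    Rejects non-http(s) schemes (file://, gopher://, ...), empty hosts, and
    any destination in loopback, private, link-local, CGNAT, multicast or
    reserved space.
    """
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 brackets
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    addrs = _candidate_addresses(parts.hostname)
    return bool(addrs) and all(a.is_global for a in addrs)


def flag_window_requests(log_lines):
    """Return (line_number, location) pairs for window requests whose
    location parameter fails target_is_allowed(); these are the log entries
    worth a closer look after the fact."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = WINDOW_REQUEST.search(line)
        if not match:
            continue
        query = parse_qs(urlsplit(match.group(1)).query)  # also percent-decodes
        for location in query.get("location", []):
            if not target_is_allowed(location):
                hits.append((number, location))
    return hits


# Constructed sample access log (combined style), not real traffic.
SAMPLE_LOG = [
    '10.0.0.2 - - [23/Jan/2024:10:00:01 +0000] "GET /search?q=test HTTP/1.1" 200 512',
    '10.0.0.2 - - [23/Jan/2024:10:00:05 +0000] "GET /window?location=https://93.184.216.34/ HTTP/1.1" 200 2048',
    '203.0.113.7 - - [23/Jan/2024:10:00:09 +0000] "GET /window?location=http%3A%2F%2F169.254.169.254%2F HTTP/1.1" 200 300',
    '203.0.113.7 - - [23/Jan/2024:10:00:12 +0000] "GET /window?location=http://127.0.0.1:5000/ HTTP/1.1" 502 0',
]

if __name__ == "__main__":
    for number, location in flag_window_requests(SAMPLE_LOG):
        print(f"line {number}: window request to disallowed target {location}")
```

Two caveats apply to any check of this shape. The address is validated at resolution time, but the HTTP client resolves the name again when it connects, so a DNS answer that changes between the two lookups (DNS rebinding) can slip past; a robust implementation connects to the address it checked and sets the Host header itself. Redirects must also be re-checked hop by hop, since a public host can 302 the server to an internal address.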
CVE-2024-22205 is a critical SSRF vulnerability in Whoogle Search versions 0.8.3 and earlier, allowing attackers to make unauthorized requests on behalf of the server.
You are affected if you are running Whoogle Search version 0.8.3 or earlier. Upgrade to 0.8.4 to resolve the vulnerability.
Upgrade Whoogle Search to version 0.8.4. As a temporary workaround, implement a WAF or proxy to filter outbound requests.
There is currently no confirmed active exploitation, but the vulnerability's severity makes it a potential target.
Refer to the Whoogle Search GitHub repository for updates and advisories: https://github.com/whoogle-search/whoogle-search