Platform
python
Component
ghsl-2023-186_ghsl-2023-189_benbusby_whoogle-search
Fixed in
0.8.5
CVE-2024-22203 is a critical Server-Side Request Forgery (SSRF) vulnerability affecting Whoogle Search versions prior to 0.8.4. The `element` handler takes the user-controlled `src_type` and `element_url` query parameters and passes them, without validation, to the code that performs an outbound HTTP GET, so the request is made to whatever URL the client supplied. Successful exploitation gives an attacker access to internal network resources and to external systems that trust the server's address, which is a significant security risk.
The vulnerability lets an attacker craft arbitrary GET requests through Whoogle Search, effectively using the server as a proxy. The attacker can target resources the Whoogle Search server can reach even when they are not exposed to the outside world: internal APIs, databases, cloud metadata endpoints and other services bound to loopback or private addresses. The impact is not limited to information disclosure; any internal endpoint that performs an action on a plain GET can be triggered, and the fetched response is returned to the attacker. The absence of input validation on the target URL makes this a high-impact vulnerability, particularly where Whoogle Search runs inside a network that exposes internal services to it.
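The following is an added example, not Whoogle's own code: it reproduces the flawed pattern the paragraph describes (user-controlled parameters flowing straight into an outbound GET) next to a hardened handler that allowlists the scheme and `src_type`, resolves the host, and refuses any address that is loopback, link-local, private, reserved or IPv4-mapped. The HTTP sender and DNS resolver are injected so it runs offline; the MIME allowlist and the `send` signature are assumptions for illustration.

```python
"""Added example (not Whoogle's code): the SSRF pattern behind CVE-2024-22203
and a hardened handler. The sender and resolver are injectable so this runs offline."""
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumption for this example: the handler only ever proxies these content types.
ALLOWED_SRC_TYPES = {"image/png", "image/jpeg", "image/gif", "image/webp"}
ALLOWED_SCHEMES = {"http", "https"}


def vulnerable_element(params, send):
    """Mirrors the flaw: both user-controlled values go straight to send()."""
    src_type = params.get("src_type", "")
    element_url = params.get("element_url", "")
    return send(element_url, src_type)          # any scheme, any host, any port


def _default_resolver(host):
    """Return every address the host maps to (A and AAAA)."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def _is_public_ip(ip_text):
    """Reject anything that is not a routable public address."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped                      # ::ffff:169.254.169.254 -> 169.254.169.254
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_element_url(url, resolver=_default_resolver):
    """Return (hostname, resolved_addrs) or raise ValueError if the target is unsafe."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("URL has no host")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    try:
        addrs = resolver(parts.hostname)
    except (socket.gaierror, OSError) as exc:
        raise ValueError(f"cannot resolve {parts.hostname}") from exc
    if not addrs:
        raise ValueError(f"{parts.hostname} resolved to no addresses")
    # Every address must be public: a name with one public and one private record is refused.
    for addr in addrs:
        if not _is_public_ip(addr):
            raise ValueError(f"{parts.hostname} resolves to non-public address {addr}")
    return parts.hostname, addrs


def hardened_element(params, send, resolver=_default_resolver):
    """Same contract as vulnerable_element, with both inputs validated first."""
    src_type = params.get("src_type", "")
    if src_type not in ALLOWED_SRC_TYPES:
        raise ValueError(f"src_type not allowed: {src_type!r}")
    element_url = params.get("element_url", "")
    validate_element_url(element_url, resolver)
    return send(element_url, src_type)


if __name__ == "__main__":
    # Constructed sample: a fake sender that just records what would have been fetched.
    fetched = []
    sample = {"src_type": "image/png", "element_url": "http://169.254.169.254/latest/meta-data/"}
    vulnerable_element(sample, lambda url, t: fetched.append(url))
    print("vulnerable handler fetched:", fetched)
    try:
        hardened_element(sample, lambda url, t: fetched.append(url))
    except ValueError as err:
        print("hardened handler refused:", err)
```

One caveat a practitioner should keep in mind: validating the resolved address and then letting the HTTP client resolve the name a second time leaves a DNS-rebinding window. A production fix should connect to the address that was validated (or re-check on every redirect and resolution), not only to the hostname.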
CVE-2024-22203 was publicly disclosed on January 23, 2024. No public exploits or active campaigns targeting this vulnerability have been reported as of this writing, and it is not listed in the CISA KEV catalog. Exploitation requires nothing more than a single crafted GET request to the instance, which, combined with the potential impact, means remediation should be prioritized.
Organizations running self-hosted Whoogle Search instances, particularly those with internal services accessible via the server, are at risk. Shared hosting environments where Whoogle Search is deployed alongside other applications should be carefully assessed, as a compromised Whoogle Search instance could potentially be used to attack other services on the same server.
• python / server:
# Check the installed Whoogle Search version (the distribution name is whoogle-search).
# For a git or Docker deployment, check the tag of the checked-out source instead.
pip show whoogle-search | grep -i '^version'
• generic web:
# Probe the /element endpoint with a target only the server can reach (cloud metadata address).
# A vulnerable instance fetches it and returns the target's response; a patched one refuses the request.
curl -sS -o /dev/null -w '%{http_code}\n' 'http://your-whoogle-instance/element?src_type=image&element_url=http://169.254.169.254/'
• generic web:
# Same probe against a loopback service on the server; compare the status with a target you know is unreachable.
curl -sS -o /dev/null -w '%{http_code}\n' 'http://your-whoogle-instance/element?src_type=image&element_url=http://localhost:8080/'
disclosure
Exploit status
EPSS
0.44% (63rd percentile)
CVSS vector
The primary mitigation for CVE-2024-22203 is to upgrade Whoogle Search to version 0.8.4 or later, which validates the user-controlled input before the outbound request is made. If upgrading is not immediately feasible, two compensating controls reduce exposure. First, at the edge (reverse proxy or WAF), block requests to `/element` whose `element_url` uses a scheme other than http or https, or points at loopback, link-local, private or cloud-metadata addresses; a WAF sees inbound traffic, so it cannot stop the server's outbound request itself. Second, apply egress filtering to the Whoogle Search host or container so it can reach only the upstream search endpoints it needs, which limits the blast radius if a request does get through. Audit any internal APIs or services the server can reach and confirm none of them perform state-changing actions on an unauthenticated GET.
Upgrade Whoogle Search to version 0.8.4 or later. That version fixes the Server-Side Request Forgery (SSRF) vulnerability, preventing attackers from making requests to internal or external resources through the server.
CVE-2024-22203 is a critical Server-Side Request Forgery (SSRF) vulnerability in Whoogle Search versions prior to 0.8.4, allowing attackers to make GET requests on behalf of the server.
You are affected if you are running Whoogle Search versions prior to 0.8.4. Upgrade immediately to mitigate the risk.
Upgrade Whoogle Search to version 0.8.4 or later. As a temporary workaround, block unsafe `element_url` values at the edge and restrict the server's egress if an immediate upgrade is not possible.
No active exploitation has been publicly reported as of this writing, but the vulnerability's impact warrants immediate attention.
Refer to the Whoogle Search GitHub repository for updates and advisories: https://github.com/whoogle-search/whoogle-search