Lucene search

GitHub Advisory DatabaseGHSA-F2RJ-M42R-6JM2

HistoryOct 25, 2022 - 8:22 p.m.

Skipper vulnerable to SSRF via X-Skipper-Proxy

2022-10-2520:22:29

CWE-918

GitHub Advisory Database

github.com

skipper

ssrf

x-skipper-proxy

vulnerable

patched

upgrade

workaround

github

metadata server

http request

filter

zalando

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.026 Low

EPSS

Percentile

90.4%

JSON

Impact

Skipper prior to version v0.13.236 is vulnerable to server-side request forgery (SSRF). An attacker can exploit a vulnerable version of proxy to access the internal metadata server or other unauthenticated URLs by adding an specific header (X-Skipper-Proxy) to the http request.

Patches

The problem was patched in version https://github.com/zalando/skipper/releases/tag/v0.13.237.
Users need to upgrade to skipper >=v0.13.237.

Workarounds

Use dropRequestHeader("X-Skipper-Proxy") filter

References

https://github.com/zalando/skipper/releases/tag/v0.13.237

For more information

If you have any questions or comments about this advisory:

Open an issue in https://github.com/zalando/skipper/issues/new/choose
Chat with us in slack: https://app.slack.com/client/T029RQSE6/C82Q5JNH5

Affected configurations

Vulners

Node

zalandoskipperRange<0.13.237

CPENameOperatorVersion
github.com/zalando/skipperlt0.13.237

CPE	Name	Operator	Version
	github.com/zalando/skipper	lt	0.13.237

References

packetstormsecurity.com/files/171546/X-Skipper-Proxy-0.13.237-Server-Side-Request-Forgery.html

skipper.com

zalando.com

gist.github.com/Fadavvi/9fffcfa4aaa9e25b77cfe7b3044b2857#file-cve-2022-38580

github.com/advisories/GHSA-f2rj-m42r-6jm2

github.com/zalando/skipper/commit/842634347da8fe77e396f66edea79d329fd72130

github.com/zalando/skipper/pull/2058

github.com/zalando/skipper/releases/tag/v0.13.237

github.com/zalando/skipper/security/advisories/GHSA-f2rj-m42r-6jm2

nvd.nist.gov/vuln/detail/CVE-2022-38580

pastebin.com/dXxpgPAK

pkg.go.dev/vuln/GO-2022-1086

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.026 Low

EPSS

Percentile

90.4%

JSON

Related for GHSA-F2RJ-M42R-6JM2