Lucene search

GitHub Advisory DatabaseGHSA-Q97G-C29H-X2P7

HistoryMar 14, 2024 - 8:37 p.m.

Whoogle Search Path Traversal vulnerability

2024-03-1420:37:57

CWE-918

GitHub Advisory Database

github.com

whoogle search

path traversal

vulnerability

get requests

server-side.

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

45.5%

JSON

Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the element method in app/routes.py does not validate the user-controlled src_type and element_url variables and passes them to the send method which sends a GET request on lines 339-343 in request.py, which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4.

Affected configurations

Vulners

Node

whoogle-search_projectwhoogle-searchRange0–0.8.4

VendorProductVersionCPE
whoogle-search_projectwhoogle-search*cpe:2.3:a:whoogle-search_project:whoogle-search:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
whoogle-search_project	whoogle-search	*	cpe:2.3:a:whoogle-search_project:whoogle-search::::::::

References

github.com/advisories/GHSA-q97g-c29h-x2p7

github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/request.py#L339-L343

github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L465-L490

github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L466

github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L476

github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L479

github.com/benbusby/whoogle-search/commit/3a2e0b262e4a076a20416b45e6b6f23fd265aeda

github.com/pypa/advisory-database/tree/main/vulns/whoogle-search/PYSEC-2024-20.yaml

nvd.nist.gov/vuln/detail/CVE-2024-22203

securitylab.github.com/advisories/GHSL-2023-186_GHSL-2023-189_benbusby_whoogle-search

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

45.5%

JSON

Related for GHSA-Q97G-C29H-X2P7