Lucene search
GoogleOSV:CVE-2022-24856HistoryMay 17, 2022 - 4:15 p.m.
CVE-2022-24856
2022-05-1716:15:09
Google
osv.dev
5
cve-2022-24856
flyteconsole
ssrf
vulnerability
web user interface
server-side request forgery
patch
cors_proxy
unauthorized access
metadata server
internet
workaround
software
FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur. The patch for this issue deletes the entire cors_proxy, as this is not required for console anymore. A patch is available in FlyteConsole version 0.52.0. Disable FlyteConsole availability on the internet as a workaround.
Related
nuclei
nuclei
Flyte Console <0.52.0 - Server-Side Request Forgery
2022-05-27 08:13:31
hackerone
hackerone
Uber: Full read SSRF in flyte-poc-us-east4.uberinternal.com
2022-04-14 03:58:25
cvelist
cvelist
CVE-2022-24856 Server-Side Request Forgery in FlyteConsole
2022-05-17 15:25:11
nvd
nvd
CVE-2022-24856
2022-05-17 16:15:09
cve
cve
CVE-2022-24856
2022-05-17 16:15:09
prion
prion
Server side request forgery (ssrf)
2022-05-17 16:15:00