5 matches found
CVE-2022-24856
FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery SSRF when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server...
CVE-2022-24856
Summary: CVE-2022-24856 affects FlyteConsole
CVE-2022-24856 Server-Side Request Forgery in FlyteConsole
FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery SSRF when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server...
CVE-2022-24856 Server-Side Request Forgery in FlyteConsole
FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery SSRF when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server...
Uber: Full read SSRF in flyte-poc-us-east4.uberinternal.com
Uber summary TBD. @shubs and I discovered an instance of Flyte Console on uberinternal.com. After auditing the open source code, we noticed an unauthenticated route for a “CORS proxy”. This was a classic server-side request forgery issue, allowing us to pass an arbitrary request to be performed b...