X-Skipper-Proxy 0.13.237 Server-Side Request Forgery

Exploit Title: X-Skipper-Proxy v0.13.237 - Server Side Request Forgery SSRF Date: 24/10/2022 Exploit Author: Hosein Vita & Milad Fadavvi Vendor Homepage: https://github.com/zalando/skipper Software Link: https://github.com/zalando/skipper Version: v0.13.237 Tested on: Linux CVE: CVE-2022-38580...

GO-2022-1086 Server-side request forger via X-Skipper-Proxy in github.com/zalando/skipper

An attacker can access the internal metadata server or other unauthenticated URLs by adding a specific header X-Skipper-Proxy to the http request...

GHSA-F2RJ-M42R-6JM2 Skipper vulnerable to SSRF via X-Skipper-Proxy

Impact Skipper prior to version v0.13.236 is vulnerable to server-side request forgery SSRF. An attacker can exploit a vulnerable version of proxy to access the internal metadata server or other unauthenticated URLs by adding an specific header X-Skipper-Proxy to the http request. Patches The...

Skipper vulnerable to SSRF via X-Skipper-Proxy

Impact Skipper prior to version v0.13.236 is vulnerable to server-side request forgery SSRF. An attacker can exploit a vulnerable version of proxy to access the internal metadata server or other unauthenticated URLs by adding an specific header X-Skipper-Proxy to the http request. Patches The...