Lucene search

GitHub_MVULNRICHMENT:CVE-2024-41118

HistoryJul 26, 2024 - 8:52 p.m.

CVE-2024-41118 streamlit-geospatial blind SSRF in pages/7_📦_Web_Map_Service.py

2024-07-2620:52:46

CWE-918

GitHub_M

github.com

streamlit-geospatial

ssrf vulnerability

fix

cve-2024-41118

multipage app

geospatial applications

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

27.7%

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

partial

JSON

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the url variable on line 47 of pages/7_📦_Web_Map_Service.py takes user input, which is passed to get_layers function, in which url is used with get_wms_layer method. get_wms_layer method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:opengeos:streamlit-geospatial:*:*:*:*:*:*:*:*"
    ],
    "vendor": "opengeos",
    "product": "streamlit-geospatial",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "c4f81d9616d40c60584e36abb15300853a66e489",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L25

github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L47

github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L53

github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489

securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

27.7%

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-41118