Headline
Ateme TITAN File 3.9 Job Callbacks SSRF File Enumeration
Authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the Titan File video transcoding software. The application parses user supplied data in the job callback url GET parameter. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP/DNS/File request to an arbitrary destination. This can be used by an external attacker for example to bypass firewalls and initiate a service, file and network enumeration on the internal network through the affected application.
Title: Ateme TITAN File 3.9 Job Callbacks SSRF File Enumeration
Advisory ID: ZSL-2023-5781
Type: Local/Remote
Impact: Exposure of System Information
Risk: (3/5)
Release Date: 07.07.2023
Summary
TITAN File is a multi-codec/format video transcoding software, for mezzanine, STB and ABR VOD, PostProduction, Playout and Archive applications. TITAN File is based on ATEME 5th Generation STREAM compression engine and delivers the highest video quality at minimum bitrates with accelerated parallel processing.
Description
Authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the Titan File video transcoding software. The application parses user supplied data in the job callback url GET parameter. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP/DNS/File request to an arbitrary destination. This can be used by an external attacker for example to bypass firewalls and initiate a service, file and network enumeration on the internal network through the affected application.
Vendor
Ateme - https://www.ateme.com
Affected Version
3.9.12.4
3.9.11.0
3.9.9.2
3.9.8.0
Tested On
Microsoft Windows
NodeJS
Ateme KFE Software
Vendor Status
[22.04.2023] Vulnerability discovered.
[23.04.2023] Vendor contacted.
[06.07.2023] No response from the vendor.
[07.07.2023] Public security advisory released.
PoC
ateme_ssrf.txt
Credits
Vulnerability discovered by Gjoko Krstic - <[email protected]>
References
N/A
Changelog
[07.07.2023] - Initial release
Contact
Zero Science Lab
Web: https://www.zeroscience.mk
e-mail: [email protected]