CVE-2022-24856
Published: 2022-05-17
Priority: P2 · 62 · high
CVSS 3.1: 7.5 (AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N)
EPSS: 9.66% (94.9th percentile)
FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur. The patch for this issue deletes the entire `cors_proxy`, as this is not required for console anymore. A patch is available in FlyteConsole version 0.52.0. Disable FlyteConsole availability on the internet as a workaround.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flyte | flyte_console | < 0.52.0 | 0.52.0 |
| flyteorg | flyteconsole | < 0.52.0 | 0.52.0 |
Detection & IOCs (extracted from sources)
URL: `{{BaseURL}}/cors_proxy/https://oast.me/`
- Detect SSRF exploitation attempts by monitoring HTTP GET requests to the /cors_proxy/ endpoint with an external or internal URL as the path parameter.
- Also monitor for reflected XSS via the cors_proxy endpoint, as arbitrary HTML documents can be proxied through it.
- Confirm exploitation by matching the response body for 'Interactsh Server' when using out-of-band SSRF detection probes against the /cors_proxy/ endpoint.
- Note: the vulnerable component (cors_proxy) was entirely removed in FlyteConsole 0.52.0; the /cors_proxy/ path should not exist on patched instances. Detection rules targeting this path will only fire on unpatched (< 0.52.0) deployments.
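As an added example (not code from the advisory or the Flyte project), the detection logic described above run over constructed access-log lines: it picks out GET requests to /cors_proxy/, decodes the proxied URL, and classifies the target as the cloud metadata server, an internal address, or an external host. The log lines, source addresses and the assumed Common Log Format are constructed for the example.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [17/May/2022:10:01:02 +0000] "GET /console/projects HTTP/1.1" 200 512
203.0.113.7 - - [17/May/2022:10:01:05 +0000] "GET /cors_proxy/https://oast.me/ HTTP/1.1" 200 44
203.0.113.7 - - [17/May/2022:10:01:09 +0000] "GET /cors_proxy/http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 1024
10.0.0.9 - - [17/May/2022:10:02:00 +0000] "GET /cors_proxy/http%3A%2F%2F10.0.0.2%3A8080%2Fadmin HTTP/1.1" 404 0
"""

LINE_RE = re.compile(r'^(?P<src>\S+) .*?"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
CORS_PROXY_PREFIX = "/cors_proxy/"

def classify_target(target: str) -> str:
    """Label the proxied URL's host: 'metadata', 'internal', 'external' or 'unparsed'."""
    host = urlsplit(target).hostname
    if not host:
        return "unparsed"
    if host in ("169.254.169.254", "metadata.google.internal"):
        return "metadata"
    try:
        ip = ip_address(host)
    except ValueError:
        # Plain hostnames are treated as external; DNS resolution is out of scope here.
        return "external"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "internal"
    return "external"

def find_cors_proxy_requests(log_text: str) -> list:
    """Return one finding per GET /cors_proxy/<url> request, with the proxied target classified."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET" or not m["path"].startswith(CORS_PROXY_PREFIX):
            continue
        # The proxied URL is everything after the prefix; it may be percent-encoded.
        target = unquote(m["path"][len(CORS_PROXY_PREFIX):])
        findings.append({
            "src": m["src"],
            "status": int(m["status"]),
            "target": target,
            "class": classify_target(target),
            # 200 means the proxy answered; 404 is what a patched (>= 0.52.0) instance returns.
            "served": m["status"] == "200",
        })
    return findings
```

Findings with class `metadata` or `internal` that were served with 200 are the ones to triage first; a steady stream of 404s on the path is probe noise against a patched instance.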
CVSS provenance
- NVD, CVSS v3.1: 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- NVD, CVSS v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
No advisories linked to this vulnerability.
No detection rules found.
Nuclei template
CVE-2022-24856 [HIGH] Flyte Console <0.52.0 - Server-Side Request Forgery (CVSS 7.5)
FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur.
Template (info block as shown on the page; the request and matcher sections are not reproduced here):

```yaml
id: CVE-2022-24856

info:
  name: Flyte Console <0.52.0 - Server-Side Request Forgery
  author: pdteam
  severity: high
  description: |
    FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur.
```
References
- https://github.com/flyteorg/flyteconsole/commit/05b88ed2d2ecdb5d8a8404efea25414e57189709
- https://github.com/flyteorg/flyteconsole/pull/389
- https://github.com/flyteorg/flyteconsole/releases/tag/v0.52.0
- https://github.com/flyteorg/flyteconsole/security/advisories/GHSA-www6-hf2v-v9m9