CVE-2022-24856
published 2022-05-17


Priority: P2 62 · Severity: high · CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EXPLOIT
EPSS: 9.66% (94.9th percentile)
FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur. The patch for this issue deletes the entire `cors_proxy`, as this is not required for console anymore. A patch is available in FlyteConsole version 0.52.0. Disable FlyteConsole availability on the internet as a workaround.

Affected (2 ranges)

Vendor      Product          Version range   Fixed in
flyte       flyte_console    < 0.52.0        0.52.0
flyteorg    flyteconsole     < 0.52.0        0.52.0

Detection & IOCs (extracted from sources)

URL: {{BaseURL}}/cors_proxy/https://oast.me/
  • Detect SSRF exploitation attempts by monitoring HTTP GET requests to the /cors_proxy/ endpoint with an external or internal URL as the path parameter.
  • Also monitor for reflected XSS via the cors_proxy endpoint, as arbitrary HTML documents can be proxied through it.
  • Confirm exploitation by matching the response body for 'Interactsh Server' when using out-of-band SSRF detection probes against the /cors_proxy/ endpoint.
  • The vulnerable component (cors_proxy) was entirely removed in FlyteConsole 0.52.0; the /cors_proxy/ path should not exist on patched instances. Detection rules targeting this path will only fire on unpatched (< 0.52.0) deployments.
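One way to implement the log-monitoring check above, as an added example that is not from this page or the Flyte project: it runs over constructed access-log lines (sample values only), flags every request to the removed /cors_proxy/ path, and labels the proxied target (cloud metadata host, private address, or external) so the metadata-server case described in the advisory can be alerted at higher severity. The log format, host list and function names are assumptions for this example.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (combined-log style; not from any real deployment).
SAMPLE_LOG = """\
203.0.113.10 - - [17/May/2022:10:01:02 +0000] "GET /cors_proxy/http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 512
203.0.113.10 - - [17/May/2022:10:01:05 +0000] "GET /cors_proxy/https://oast.me/ HTTP/1.1" 200 98
198.51.100.7 - - [17/May/2022:10:02:00 +0000] "GET /cors_proxy/http://10.0.0.5:8089/ HTTP/1.1" 502 0
198.51.100.7 - - [17/May/2022:10:02:30 +0000] "GET /console/projects HTTP/1.1" 200 4096
"""

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Assumed list of metadata-service hostnames worth alerting on at highest severity.
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal", "metadata"}


def classify_target(target: str) -> str:
    """Label the proxied URL by where it points: cloud-metadata, internal-network or external."""
    host = (urlsplit(target).hostname or "").lower()
    if host in METADATA_HOSTS:
        return "cloud-metadata"
    try:
        addr = ipaddress.ip_address(host)
        if addr.is_private or addr.is_loopback:
            return "internal-network"
    except ValueError:
        pass  # not a literal IP address: treat as an external hostname
    return "external"


def find_cors_proxy_requests(log_text: str) -> list[dict]:
    """Return one finding per request that hits /cors_proxy/; any hit means an unpatched (< 0.52.0) console."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        path = unquote(m.group("path"))  # decode %2F-style encoding before matching the prefix
        if not path.startswith("/cors_proxy/"):
            continue
        target = path[len("/cors_proxy/"):]
        findings.append({
            "client": line.split(" ", 1)[0],
            "target": target,
            "class": classify_target(target),
            "status": int(m.group("status")),
        })
    return findings
```

A 502 on an internal target (third line) still indicates a probe against an unpatched instance, so the rule alerts on the request, not on the response status.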

CVSS provenance

Source   Version   Score   Severity   Vector
nvd      v3.1      7.5     HIGH       CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd      v2.0      5.0     MEDIUM     AV:N/AC:L/Au:N/C:P/I:N/A:N