CVE-2022-38580
Published 2022-10-25
CVE-2022-38580: Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
Priority: P2 (64)
Severity: critical, CVSS 3.1 base score 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit likelihood (EPSS): 11.00% (95.3th percentile)
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | zalando_skipper | >= 0 < 0.13.237 | 0.13.237 |
| zalando | skipper | < 0.13.237 | 0.13.237 |
Detection & IOCs (extracted from sources)
- Detect inbound HTTP requests containing the 'X-Skipper-Proxy' header, especially when its value points to internal/link-local addresses (e.g., 169.254.169.254) or other non-public IP ranges.
- Monitor for requests to the AWS IMDSv1 path '/latest/meta-data/iam/security-credentials' originating from the Skipper proxy process, which would indicate successful SSRF exploitation.
- Flag any HTTP request where the X-Skipper-Proxy header value resolves to a link-local (169.254.0.0/16) or RFC-1918 private address, as this is the core SSRF vector.
- Only Zalando Skipper versions prior to v0.13.237 are vulnerable; upgrading to v0.13.237 or later mitigates the issue.
- The SSRF is exploitable without authentication: no credentials or session tokens are required by the attacker, only the ability to send an HTTP request with a crafted header.
OSV
osv·2022-11-02
CVE-2022-38580 Server-side request forgery via X-Skipper-Proxy in github.com/zalando/skipper
An attacker can access the internal metadata server or other unauthenticated URLs by adding a specific header (X-Skipper-Proxy) to the HTTP request.
OSV
osv·2022-10-25
CVE-2022-38580 [CRITICAL] Skipper vulnerable to SSRF via X-Skipper-Proxy
### Impact
Skipper prior to version v0.13.236 is vulnerable to server-side request forgery (SSRF). An attacker can exploit a vulnerable version of the proxy to access the internal metadata server or other unauthenticated URLs by adding a specific header (X-Skipper-Proxy) to the HTTP request.
### Patches
The problem was patched in version v0.13.237 (https://github.com/zalando/skipper/releases/tag/v0.13.237).
Users need to upgrade to skipper `>=v0.13.237`.
### Workarounds
Use the `dropRequestHeader("X-Skipper-Proxy")` filter to strip the header before the request is routed.
### References
https://github.com/zalando/skipper/releases/tag/v0.13.237
### For more information
If you have any questions or comments about this advisory:
* Open an issue in https://github.com/zalando/skipper/issues/new/choose
* Cha
GHSA
ghsa·2022-10-25
CVE-2022-38580 [CRITICAL] CWE-918 Skipper vulnerable to SSRF via X-Skipper-Proxy
References
- http://packetstormsecurity.com/files/171546/X-Skipper-Proxy-0.13.237-Server-Side-Request-Forgery.html
- http://skipper.com
- http://zalando.com
- https://gist.github.com/Fadavvi/9fffcfa4aaa9e25b77cfe7b3044b2857#file-cve-2022-38580
- https://pastebin.com/dXxpgPAK
Published: 2022-10-25