CVE-2022-24856 - OpenCVE

FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur. The patch for this issue deletes the entire `cors_proxy`, as this is not required for console anymore. A patch is available in FlyteConsole version 0.52.0. Disable FlyteConsole availability on the internet as a workaround.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Flyte	Flyte Console

Configuration 1 [-]

cpe:2.3:a:flyte:flyte_console:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/flyteorg/flyteconsole/commit/05b88ed2d2ecdb5d8a8404efea25414e57189709
https://github.com/flyteorg/flyteconsole/pull/389
https://github.com/flyteorg/flyteconsole/releases/tag/v0.52.0
https://github.com/flyteorg/flyteconsole/security/advisories/GHSA-www6-hf2v-v9m9

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-05-17T15:25:11

Updated: 2024-08-03T04:20:50.529Z

Reserved: 2022-02-10T00:00:00

Link: CVE-2022-24856

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-05-17T16:15:09.157

Modified: 2022-05-26T22:07:07.083

Link: CVE-2022-24856

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "flyteconsole", "vendor": "flyteorg", "versions": [{"status": "affected", "version": "< 0.52.0"}]}], "descriptions": [{"lang": "en", "value": "FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur. The patch for this issue deletes the entire `cors_proxy`, as this is not required for console anymore. A patch is available in FlyteConsole version 0.52.0. Disable FlyteConsole availability on the internet as a workaround."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-17T15:25:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/flyteorg/flyteconsole/security/advisories/GHSA-www6-hf2v-v9m9"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/flyteorg/flyteconsole/pull/389"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/flyteorg/flyteconsole/commit/05b88ed2d2ecdb5d8a8404efea25414e57189709"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/flyteorg/flyteconsole/releases/tag/v0.52.0"}], "source": {"advisory": "GHSA-www6-hf2v-v9m9", "discovery": "UNKNOWN"}, "title": "Server-Side Request Forgery in FlyteConsole", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24856", "STATE": "PUBLIC", "TITLE": "Server-Side Request Forgery in FlyteConsole"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "flyteconsole", "version": {"version_data": [{"version_value": "< 0.52.0"}]}}]}, "vendor_name": "flyteorg"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur. The patch for this issue deletes the entire `cors_proxy`, as this is not required for console anymore. A patch is available in FlyteConsole version 0.52.0. Disable FlyteConsole availability on the internet as a workaround."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-918: Server-Side Request Forgery (SSRF)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/flyteorg/flyteconsole/security/advisories/GHSA-www6-hf2v-v9m9", "refsource": "CONFIRM", "url": "https://github.com/flyteorg/flyteconsole/security/advisories/GHSA-www6-hf2v-v9m9"}, {"name": "https://github.com/flyteorg/flyteconsole/pull/389", "refsource": "MISC", "url": "https://github.com/flyteorg/flyteconsole/pull/389"}, {"name": "https://github.com/flyteorg/flyteconsole/commit/05b88ed2d2ecdb5d8a8404efea25414e57189709", "refsource": "MISC", "url": "https://github.com/flyteorg/flyteconsole/commit/05b88ed2d2ecdb5d8a8404efea25414e57189709"}, {"name": "https://github.com/flyteorg/flyteconsole/releases/tag/v0.52.0", "refsource": "MISC", "url": "https://github.com/flyteorg/flyteconsole/releases/tag/v0.52.0"}]}, "source": {"advisory": "GHSA-www6-hf2v-v9m9", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:20:50.529Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/flyteorg/flyteconsole/security/advisories/GHSA-www6-hf2v-v9m9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/flyteorg/flyteconsole/pull/389"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/flyteorg/flyteconsole/commit/05b88ed2d2ecdb5d8a8404efea25414e57189709"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/flyteorg/flyteconsole/releases/tag/v0.52.0"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24856", "datePublished": "2022-05-17T15:25:11", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-03T04:20:50.529Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flyte:flyte_console:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD3D2E7E-2002-4E89-8F93-7AA53CC0ADB0", "versionEndExcluding": "0.52.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur. The patch for this issue deletes the entire `cors_proxy`, as this is not required for console anymore. A patch is available in FlyteConsole version 0.52.0. Disable FlyteConsole availability on the internet as a workaround."}, {"lang": "es", "value": "FlyteConsole es la interfaz de usuario web para la plataforma Flyte. FlyteConsole versiones anteriores a 0.52.0, es vulnerable a un ataque de tipo server-side request forgery (SSRF) cuando FlyteConsole est\u00e1 abierto a la Internet en general. Un atacante puede aprovechar cualquier usuario de una instancia vulnerable para acceder al servidor de metadatos interno u otras URLs no autenticadas. Puede producirse el paso de encabezados a un actor no autorizado. El parche para este problema elimina \"cors_proxy\" completo, ya que no es necesario para la consola. El parche est\u00e1 disponible en la versi\u00f3n 0.52.0 de FlyteConsole. Deshabilita la disponibilidad de FlyteConsole en Internet como mitigaci\u00f3n"}], "id": "CVE-2022-24856", "lastModified": "2022-05-26T22:07:07.083", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-05-17T16:15:09.157", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/flyteorg/flyteconsole/commit/05b88ed2d2ecdb5d8a8404efea25414e57189709"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/flyteorg/flyteconsole/pull/389"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/flyteorg/flyteconsole/releases/tag/v0.52.0"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/flyteorg/flyteconsole/security/advisories/GHSA-www6-hf2v-v9m9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}