OpenCVE

LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `image_proxy.php` file of LibreY before commit 8f9b9803f231e2954e5b49987a532d28fe50a627. This vulnerability allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks via the `url` parameter. Remote attackers can use the server as a proxy to send HTTP GET requests and retrieve information in the internal network. Remote attackers can also request the server to download large files or chain requests among multiple instances to reduce the performance of the server or even deny access from legitimate users. This issue has been addressed in https://github.com/Ahwxorg/LibreY/pull/31. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Ahwx	Librey

Configuration 1 [-]

cpe:2.3:a:ahwx:librey:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/Ahwxorg/LibreY/pull/31
https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-p4f9-h8x8-mpwf

History

Mon, 30 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-09-04T17:32:07.504Z

Updated: 2024-09-30T17:47:34.079Z

Reserved: 2023-08-22T16:57:23.934Z

Link: CVE-2023-41054

Vulnrichment

Updated: 2024-08-02T18:46:11.644Z

NVD

Status : Modified

Published: 2023-09-04T18:15:08.977

Modified: 2024-11-21T08:20:28.127

Link: CVE-2023-41054

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41054", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-08-22T16:57:23.934Z", "datePublished": "2023-09-04T17:32:07.504Z", "dateUpdated": "2024-09-30T17:47:34.079Z"}, "containers": {"cna": {"title": "LibreY Server-Side Request Forgery (SSRF) vulnerability in image_proxy.php", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-p4f9-h8x8-mpwf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-p4f9-h8x8-mpwf"}, {"name": "https://github.com/Ahwxorg/LibreY/pull/31", "tags": ["x_refsource_MISC"], "url": "https://github.com/Ahwxorg/LibreY/pull/31"}], "affected": [{"vendor": "Ahwxorg", "product": "LibreY", "versions": [{"version": "< 8f9b9803f231e2954e5b49987a532d28fe50a627", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-09-04T17:32:07.504Z"}, "descriptions": [{"lang": "en", "value": "LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `image_proxy.php` file of LibreY before commit 8f9b9803f231e2954e5b49987a532d28fe50a627. This vulnerability allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks via the `url` parameter. Remote attackers can use the server as a proxy to send HTTP GET requests and retrieve information in the internal network. Remote attackers can also request the server to download large files or chain requests among multiple instances to reduce the performance of the server or even deny access from legitimate users. This issue has been addressed in https://github.com/Ahwxorg/LibreY/pull/31. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-p4f9-h8x8-mpwf", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:46:11.644Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-p4f9-h8x8-mpwf", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-p4f9-h8x8-mpwf"}, {"name": "https://github.com/Ahwxorg/LibreY/pull/31", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Ahwxorg/LibreY/pull/31"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-30T17:47:24.563036Z", "id": "CVE-2023-41054", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-30T17:47:34.079Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-p4f9-h8x8-mpwf", "name": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-p4f9-h8x8-mpwf", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/Ahwxorg/LibreY/pull/31", "name": "https://github.com/Ahwxorg/LibreY/pull/31", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:46:11.644Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41054", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-30T17:47:24.563036Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-30T17:47:29.176Z"}}], "cna": {"title": "LibreY Server-Side Request Forgery (SSRF) vulnerability in image_proxy.php", "source": {"advisory": "GHSA-p4f9-h8x8-mpwf", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Ahwxorg", "product": "LibreY", "versions": [{"status": "affected", "version": "< 8f9b9803f231e2954e5b49987a532d28fe50a627"}]}], "references": [{"url": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-p4f9-h8x8-mpwf", "name": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-p4f9-h8x8-mpwf", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Ahwxorg/LibreY/pull/31", "name": "https://github.com/Ahwxorg/LibreY/pull/31", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `image_proxy.php` file of LibreY before commit 8f9b9803f231e2954e5b49987a532d28fe50a627. This vulnerability allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks via the `url` parameter. Remote attackers can use the server as a proxy to send HTTP GET requests and retrieve information in the internal network. Remote attackers can also request the server to download large files or chain requests among multiple instances to reduce the performance of the server or even deny access from legitimate users. This issue has been addressed in https://github.com/Ahwxorg/LibreY/pull/31. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-09-04T17:32:07.504Z"}}}, "cveMetadata": {"cveId": "CVE-2023-41054", "state": "PUBLISHED", "dateUpdated": "2024-09-30T17:47:34.079Z", "dateReserved": "2023-08-22T16:57:23.934Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-09-04T17:32:07.504Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ahwx:librey:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2034F07-7024-4598-9E24-06506A1223D3", "versionEndExcluding": "2023-08-29", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `image_proxy.php` file of LibreY before commit 8f9b9803f231e2954e5b49987a532d28fe50a627. This vulnerability allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks via the `url` parameter. Remote attackers can use the server as a proxy to send HTTP GET requests and retrieve information in the internal network. Remote attackers can also request the server to download large files or chain requests among multiple instances to reduce the performance of the server or even deny access from legitimate users. This issue has been addressed in https://github.com/Ahwxorg/LibreY/pull/31. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "LibreY es un fork de LibreX, un metabuscador sin framework y sin javascript que respeta la privacidad. LibreY est\u00e1 sujeto a una vulnerabilidad de Server-Side Request Forgery (SSRF) en el archivo \"image_proxy.php\" de LibreY antes del commit 8f9b9803f231e2954e5b49987a532d28fe50a627. Esta vulnerabilidad permite a atacantes remotos utilizar el servidor como proxy para enviar peticiones HTTP GET a objetivos arbitrarios y recuperar informaci\u00f3n en la red interna o realizar ataques de denegaci\u00f3n de servicio (Dos) a trav\u00e9s del par\u00e1metro \"url\". Los atacantes remotos pueden utilizar el servidor como proxy para enviar peticiones HTTP GET y recuperar informaci\u00f3n en la red interna. Los atacantes remotos tambi\u00e9n pueden solicitar al servidor que descargue archivos de gran tama\u00f1o o encadenar peticiones entre varias instancias para reducir el rendimiento del servidor o incluso denegar el acceso a usuarios leg\u00edtimos. Este problema se ha solucionado en https://github.com/Ahwxorg/LibreY/pull/31. Se recomienda a los hosters de LibreY que utilicen el \u00faltimo commit. No se conocen soluciones para esta vulnerabilidad. "}], "id": "CVE-2023-41054", "lastModified": "2024-11-21T08:20:28.127", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-04T18:15:08.977", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/Ahwxorg/LibreY/pull/31"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-p4f9-h8x8-mpwf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/Ahwxorg/LibreY/pull/31"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-p4f9-h8x8-mpwf"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}]}