OpenCVE

LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `engines/google/text.php` and `engines/duckduckgo/text.php` files in versions before commit be59098abd119cda70b15bf3faac596dfd39a744. This vulnerability allows remote attackers to request the server to send HTTP GET requests to arbitrary targets and conduct Denial-of-Service (DoS) attacks via the `wikipedia_language` cookie. Remote attackers can request the server to download large files to reduce the performance of the server or even deny access from legitimate users. This issue has been patched in https://github.com/Ahwxorg/LibreY/pull/9. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Ahwx	Librey

Configuration 1 [-]

cpe:2.3:a:ahwx:librey:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/Ahwxorg/LibreY/pull/9
https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-xfj6-4vp9-8rgc

History

Mon, 30 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-09-04T17:32:09.310Z

Updated: 2024-09-30T17:44:49.389Z

Reserved: 2023-08-22T16:57:23.934Z

Link: CVE-2023-41055

Vulnrichment

Updated: 2024-08-02T18:46:11.804Z

NVD

Status : Modified

Published: 2023-09-04T18:15:09.203

Modified: 2024-11-21T08:20:28.260

Link: CVE-2023-41055

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41055", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-08-22T16:57:23.934Z", "datePublished": "2023-09-04T17:32:09.310Z", "dateUpdated": "2024-09-30T17:44:49.389Z"}, "containers": {"cna": {"title": "LibreY Server-Side Request Forgery (SSRF) vulnerability via wikipedia_language cookie", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-xfj6-4vp9-8rgc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-xfj6-4vp9-8rgc"}, {"name": "https://github.com/Ahwxorg/LibreY/pull/9", "tags": ["x_refsource_MISC"], "url": "https://github.com/Ahwxorg/LibreY/pull/9"}], "affected": [{"vendor": "Ahwxorg", "product": "LibreY", "versions": [{"version": "< be59098abd119cda70b15bf3faac596dfd39a744", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-09-04T17:32:09.310Z"}, "descriptions": [{"lang": "en", "value": "LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `engines/google/text.php` and `engines/duckduckgo/text.php` files in versions before commit be59098abd119cda70b15bf3faac596dfd39a744. This vulnerability allows remote attackers to request the server to send HTTP GET requests to arbitrary targets and conduct Denial-of-Service (DoS) attacks via the `wikipedia_language` cookie. Remote attackers can request the server to download large files to reduce the performance of the server or even deny access from legitimate users. This issue has been patched in https://github.com/Ahwxorg/LibreY/pull/9. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-xfj6-4vp9-8rgc", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:46:11.804Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-xfj6-4vp9-8rgc", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-xfj6-4vp9-8rgc"}, {"name": "https://github.com/Ahwxorg/LibreY/pull/9", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Ahwxorg/LibreY/pull/9"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-30T17:44:32.409807Z", "id": "CVE-2023-41055", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-30T17:44:49.389Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41055", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-08-22T16:57:23.934Z", "datePublished": "2023-09-04T17:32:09.310Z", "dateUpdated": "2024-09-30T17:44:49.389Z"}, "containers": {"cna": {"title": "LibreY Server-Side Request Forgery (SSRF) vulnerability via wikipedia_language cookie", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-xfj6-4vp9-8rgc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-xfj6-4vp9-8rgc"}, {"name": "https://github.com/Ahwxorg/LibreY/pull/9", "tags": ["x_refsource_MISC"], "url": "https://github.com/Ahwxorg/LibreY/pull/9"}], "affected": [{"vendor": "Ahwxorg", "product": "LibreY", "versions": [{"version": "< be59098abd119cda70b15bf3faac596dfd39a744", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-09-04T17:32:09.310Z"}, "descriptions": [{"lang": "en", "value": "LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `engines/google/text.php` and `engines/duckduckgo/text.php` files in versions before commit be59098abd119cda70b15bf3faac596dfd39a744. This vulnerability allows remote attackers to request the server to send HTTP GET requests to arbitrary targets and conduct Denial-of-Service (DoS) attacks via the `wikipedia_language` cookie. Remote attackers can request the server to download large files to reduce the performance of the server or even deny access from legitimate users. This issue has been patched in https://github.com/Ahwxorg/LibreY/pull/9. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-xfj6-4vp9-8rgc", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:46:11.804Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-xfj6-4vp9-8rgc", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-xfj6-4vp9-8rgc"}, {"name": "https://github.com/Ahwxorg/LibreY/pull/9", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Ahwxorg/LibreY/pull/9"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41055", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-30T17:44:32.409807Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-30T17:44:44.125Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ahwx:librey:*:*:*:*:*:*:*:*", "matchCriteriaId": "C84208E2-25ED-4435-A72C-95619190D677", "versionEndExcluding": "2023-08-17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `engines/google/text.php` and `engines/duckduckgo/text.php` files in versions before commit be59098abd119cda70b15bf3faac596dfd39a744. This vulnerability allows remote attackers to request the server to send HTTP GET requests to arbitrary targets and conduct Denial-of-Service (DoS) attacks via the `wikipedia_language` cookie. Remote attackers can request the server to download large files to reduce the performance of the server or even deny access from legitimate users. This issue has been patched in https://github.com/Ahwxorg/LibreY/pull/9. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "LibreY es un fork de LibreX, un metabuscador sin framework y sin javascript que respeta la privacidad. LibreY est\u00e1 sujeto a una vulnerabilidad de Server-Side Request Forgery (SSRF) en los archivos `engines/google/text.php` y `engines/duckduckgo/text.php` en versiones anteriores a be59098abd119cda70b15bf3faac596dfd39a744.Esta vulnerabilidad permite a atacantes remotos solicitar al servidor que env\u00ede solicitudes HTTP GET a objetivos arbitrarios y realizar ataques de denegaci\u00f3n de servicio (DoS) a trav\u00e9s de la cookie `wikipedia_language.Los atacantes remotos pueden solicitar al servidor que descargue archivos grandes para reducir el rendimiento del servidor o incluso negar el acceso a usuarios leg\u00edtimos. Este problema se solucion\u00f3 en https://github.com/Ahwxorg/LibreY/pull/9. Se recomienda a los hosters de LibreY que utilicen el \u00faltimo commit. No se conocen soluciones para esta vulnerabilidad."}], "id": "CVE-2023-41055", "lastModified": "2024-11-21T08:20:28.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-04T18:15:09.203", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/Ahwxorg/LibreY/pull/9"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-xfj6-4vp9-8rgc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/Ahwxorg/LibreY/pull/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-xfj6-4vp9-8rgc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}]}