CVE-2023-42812 - Vulnerability Details - OpenCVE

Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00076.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Galaxyproject	Galaxy

Configuration 1 [-]

cpe:2.3:a:galaxyproject:galaxy:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-47235	Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py
https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh

History

Tue, 24 Sep 2024 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-09-22T16:07:02.731Z

Updated: 2024-09-24T14:25:37.165Z

Reserved: 2023-09-14T16:13:33.308Z

Link: CVE-2023-42812

Vulnrichment

Updated: 2024-08-02T19:30:23.991Z

NVD

Status : Modified

Published: 2023-09-22T17:15:14.733

Modified: 2024-11-21T08:23:15.813

Link: CVE-2023-42812

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-42812", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-09-14T16:13:33.308Z", "datePublished": "2023-09-22T16:07:02.731Z", "dateUpdated": "2024-09-24T14:25:37.165Z"}, "containers": {"cna": {"title": "Galaxy vulnerable to Server Side Request Forgery during data imports", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh"}, {"name": "https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py", "tags": ["x_refsource_MISC"], "url": "https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py"}], "affected": [{"vendor": "galaxyproject", "product": "galaxy", "versions": [{"version": "< 22.05", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-09-22T16:07:02.731Z"}, "descriptions": [{"lang": "en", "value": "Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue."}], "source": {"advisory": "GHSA-vf5q-r8p9-35xh", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:30:23.991Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh"}, {"name": "https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py"}]}, {"affected": [{"vendor": "galaxyproject", "product": "galaxy", "cpes": ["cpe:2.3:a:galaxyproject:galaxy:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "22.05", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-24T14:16:11.186927Z", "id": "CVE-2023-42812", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T14:25:37.165Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh", "name": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py", "name": "https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:30:23.991Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-42812", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-24T14:16:11.186927Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:galaxyproject:galaxy:*:*:*:*:*:*:*:*"], "vendor": "galaxyproject", "product": "galaxy", "versions": [{"status": "affected", "version": "0", "lessThan": "22.05", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T14:24:56.956Z"}}], "cna": {"title": "Galaxy vulnerable to Server Side Request Forgery during data imports", "source": {"advisory": "GHSA-vf5q-r8p9-35xh", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "galaxyproject", "product": "galaxy", "versions": [{"status": "affected", "version": "< 22.05"}]}], "references": [{"url": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh", "name": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py", "name": "https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-09-22T16:07:02.731Z"}}}, "cveMetadata": {"cveId": "CVE-2023-42812", "state": "PUBLISHED", "dateUpdated": "2024-09-24T14:25:37.165Z", "dateReserved": "2023-09-14T16:13:33.308Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-09-22T16:07:02.731Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:galaxyproject:galaxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "31F18A03-444E-4F18-A8FC-B730A142C487", "versionEndExcluding": "22.05", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue."}, {"lang": "es", "value": "Galaxy es una plataforma de c\u00f3digo abierto para el an\u00e1lisis de datos FAIR. Antes de la versi\u00f3n 22.05, Galaxy es vulnerable a Server-Side Request Forgery (SSRF), lo que permite que un malware emita solicitudes HTTP/HTTPS arbitrarias desde el servidor de aplicaciones a los hosts internos y lea sus respuestas. La versi\u00f3n 22.05 contiene un parche para este problema."}], "id": "CVE-2023-42812", "lastModified": "2024-11-21T08:23:15.813", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-22T17:15:14.733", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}]}