CVE-2023-46725 - Vulnerability Details

Vendors	Products
Foodcoopshop	Foodcoopshop

Source	ID	Title
EUVD	EUVD-2023-2988	FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time of check time of use issue. For example, by using a custom server that returns 200 on HEAD requests, then return a valid image on first GET request and then a 302 redirect to final target on second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability.
Github GHSA	GHSA-jhww-fx2j-3rf7	FoodCoopShop Server-Side Request Forgery vulnerability

Link	Providers
https://github.com/foodcoopshop/foodcoopshop/commit/0d5bec5c4c22e1affe7fd321a30e3f3a4d99e808
https://github.com/foodcoopshop/foodcoopshop/pull/972
https://github.com/foodcoopshop/foodcoopshop/security/advisories/GHSA-jhww-fx2j-3rf7
https://pastebin.com/8K5Brwbq

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-46725", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-25T14:30:33.751Z", "datePublished": "2023-11-02T14:19:42.920Z", "dateUpdated": "2024-09-12T19:35:43.524Z"}, "containers": {"cna": {"title": "FoodCoopShop Server-Side Request Forgery vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/foodcoopshop/foodcoopshop/security/advisories/GHSA-jhww-fx2j-3rf7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/foodcoopshop/foodcoopshop/security/advisories/GHSA-jhww-fx2j-3rf7"}, {"name": "https://github.com/foodcoopshop/foodcoopshop/pull/972", "tags": ["x_refsource_MISC"], "url": "https://github.com/foodcoopshop/foodcoopshop/pull/972"}, {"name": "https://github.com/foodcoopshop/foodcoopshop/commit/0d5bec5c4c22e1affe7fd321a30e3f3a4d99e808", "tags": ["x_refsource_MISC"], "url": "https://github.com/foodcoopshop/foodcoopshop/commit/0d5bec5c4c22e1affe7fd321a30e3f3a4d99e808"}, {"name": "https://pastebin.com/8K5Brwbq", "tags": ["x_refsource_MISC"], "url": "https://pastebin.com/8K5Brwbq"}], "affected": [{"vendor": "foodcoopshop", "product": "foodcoopshop", "versions": [{"version": ">= 3.2.0, < 3.6.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-06T16:33:19.544Z"}, "descriptions": [{"lang": "en", "value": "FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time of check time of use issue. For example, by using a custom server that returns 200 on HEAD requests, then return a valid image on first GET request and then a 302 redirect to final target on second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability."}], "source": {"advisory": "GHSA-jhww-fx2j-3rf7", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:53:20.938Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/foodcoopshop/foodcoopshop/security/advisories/GHSA-jhww-fx2j-3rf7", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/foodcoopshop/foodcoopshop/security/advisories/GHSA-jhww-fx2j-3rf7"}, {"name": "https://github.com/foodcoopshop/foodcoopshop/pull/972", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/foodcoopshop/foodcoopshop/pull/972"}, {"name": "https://github.com/foodcoopshop/foodcoopshop/commit/0d5bec5c4c22e1affe7fd321a30e3f3a4d99e808", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/foodcoopshop/foodcoopshop/commit/0d5bec5c4c22e1affe7fd321a30e3f3a4d99e808"}, {"name": "https://pastebin.com/8K5Brwbq", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://pastebin.com/8K5Brwbq"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-05T18:25:16.341091Z", "id": "CVE-2023-46725", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T19:35:43.524Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/foodcoopshop/foodcoopshop/security/advisories/GHSA-jhww-fx2j-3rf7", "name": "https://github.com/foodcoopshop/foodcoopshop/security/advisories/GHSA-jhww-fx2j-3rf7", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/foodcoopshop/foodcoopshop/pull/972", "name": "https://github.com/foodcoopshop/foodcoopshop/pull/972", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/foodcoopshop/foodcoopshop/commit/0d5bec5c4c22e1affe7fd321a30e3f3a4d99e808", "name": "https://github.com/foodcoopshop/foodcoopshop/commit/0d5bec5c4c22e1affe7fd321a30e3f3a4d99e808", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://pastebin.com/8K5Brwbq", "name": "https://pastebin.com/8K5Brwbq", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:53:20.938Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-46725", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-05T18:25:16.341091Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T19:35:39.684Z"}}], "cna": {"title": "FoodCoopShop Server-Side Request Forgery vulnerability", "source": {"advisory": "GHSA-jhww-fx2j-3rf7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "foodcoopshop", "product": "foodcoopshop", "versions": [{"status": "affected", "version": ">= 3.2.0, < 3.6.1"}]}], "references": [{"url": "https://github.com/foodcoopshop/foodcoopshop/security/advisories/GHSA-jhww-fx2j-3rf7", "name": "https://github.com/foodcoopshop/foodcoopshop/security/advisories/GHSA-jhww-fx2j-3rf7", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/foodcoopshop/foodcoopshop/pull/972", "name": "https://github.com/foodcoopshop/foodcoopshop/pull/972", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/foodcoopshop/foodcoopshop/commit/0d5bec5c4c22e1affe7fd321a30e3f3a4d99e808", "name": "https://github.com/foodcoopshop/foodcoopshop/commit/0d5bec5c4c22e1affe7fd321a30e3f3a4d99e808", "tags": ["x_refsource_MISC"]}, {"url": "https://pastebin.com/8K5Brwbq", "name": "https://pastebin.com/8K5Brwbq", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time of check time of use issue. For example, by using a custom server that returns 200 on HEAD requests, then return a valid image on first GET request and then a 302 redirect to final target on second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-06T16:33:19.544Z"}}}, "cveMetadata": {"cveId": "CVE-2023-46725", "state": "PUBLISHED", "dateUpdated": "2024-09-12T19:35:43.524Z", "dateReserved": "2023-10-25T14:30:33.751Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-11-02T14:19:42.920Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foodcoopshop:foodcoopshop:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F749AE9-CD3D-408F-ADA7-47D384325618", "versionEndIncluding": "3.6.0", "versionStartIncluding": "3.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time of check time of use issue. For example, by using a custom server that returns 200 on HEAD requests, then return a valid image on first GET request and then a 302 redirect to final target on second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability."}, {"lang": "es", "value": "FoodCoopShop es un software de c\u00f3digo abierto para cooperativas de alimentos y tiendas locales. Las versiones que comienzan con 3.2.0 anteriores a 3.6.1 son vulnerables a server-side request forgery. En el m\u00f3dulo de Network, una cuenta de fabricante puede usar el endpoint `/api/updateProducts.json` para hacer que el servidor env\u00ede una solicitud a un host arbitrario. Esto significa que el servidor se puede utilizar como proxy en la red interna donde se encuentra el servidor. Adem\u00e1s, las comprobaciones de una imagen v\u00e1lida no son adecuadas, lo que genera un problema de tiempo de verificaci\u00f3n de uso. Por ejemplo, al usar un servidor personalizado que devuelve 200 en solicitudes HEAD, luego devuelve una imagen v\u00e1lida en la primera solicitud GET y luego una redirecci\u00f3n 302 al destino final en la segunda solicitud GET, el servidor copiar\u00e1 cualquier archivo que est\u00e9 en el destino de la redirecci\u00f3n, haciendo Esta es una SSRF completa. La versi\u00f3n 3.6.1 corrige esta vulnerabilidad."}], "id": "CVE-2023-46725", "lastModified": "2024-11-21T08:29:09.810", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-02T15:15:08.847", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/foodcoopshop/foodcoopshop/commit/0d5bec5c4c22e1affe7fd321a30e3f3a4d99e808"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/foodcoopshop/foodcoopshop/pull/972"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/foodcoopshop/foodcoopshop/security/advisories/GHSA-jhww-fx2j-3rf7"}, {"source": "security-advisories@github.com", "tags": ["Not Applicable"], "url": "https://pastebin.com/8K5Brwbq"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/foodcoopshop/foodcoopshop/commit/0d5bec5c4c22e1affe7fd321a30e3f3a4d99e808"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/foodcoopshop/foodcoopshop/pull/972"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/foodcoopshop/foodcoopshop/security/advisories/GHSA-jhww-fx2j-3rf7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://pastebin.com/8K5Brwbq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-367"}, {"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object