CVE-2024-41118 - OpenCVE

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 47 of `pages/7_📦_Web_Map_Service.py` takes user input, which is passed to `get_layers` function, in which `url` is used with `get_wms_layer` method. `get_wms_layer` method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Opengeos	Streamlit-geospatial

Configuration 1 [-]

cpe:2.3:a:opengeos:streamlit-geospatial:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L25
https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L47
https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L53
https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489
https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/

History

Mon, 26 Aug 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Opengeos Opengeos streamlit-geospatial
CPEs		cpe:2.3:a:opengeos:streamlit-geospatial::::::::
Vendors & Products		Opengeos Opengeos streamlit-geospatial

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-26T20:52:46.182Z

Updated: 2024-08-02T04:46:52.574Z

Reserved: 2024-07-15T15:53:28.322Z

Link: CVE-2024-41118

Vulnrichment

Updated: 2024-08-02T04:46:52.574Z

NVD

Status : Analyzed

Published: 2024-07-26T21:15:13.653

Modified: 2024-08-26T17:33:27.287

Link: CVE-2024-41118

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41118", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-07-15T15:53:28.322Z", "datePublished": "2024-07-26T20:52:46.182Z", "dateUpdated": "2024-08-02T04:46:52.574Z"}, "containers": {"cna": {"title": "streamlit-geospatial blind SSRF in pages/7_\ud83d\udce6_Web_Map_Service.py", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/", "tags": ["x_refsource_CONFIRM"], "url": "https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/"}, {"name": "https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489", "tags": ["x_refsource_MISC"], "url": "https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489"}, {"name": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L25", "tags": ["x_refsource_MISC"], "url": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L25"}, {"name": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L47", "tags": ["x_refsource_MISC"], "url": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L47"}, {"name": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L53", "tags": ["x_refsource_MISC"], "url": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L53"}], "affected": [{"vendor": "opengeos", "product": "streamlit-geospatial", "versions": [{"version": "< c4f81d9616d40c60584e36abb15300853a66e489", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-26T20:52:46.182Z"}, "descriptions": [{"lang": "en", "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 47 of `pages/7_\ud83d\udce6_Web_Map_Service.py` takes user input, which is passed to `get_layers` function, in which `url` is used with `get_wms_layer` method. `get_wms_layer` method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue."}], "source": {"advisory": "GHSA-v337-9mg8-x272", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "opengeos", "product": "streamlit-geospatial", "cpes": ["cpe:2.3:a:opengeos:streamlit-geospatial:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "c4f81d9616d40c60584e36abb15300853a66e489", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-28T13:44:09.254395Z", "id": "CVE-2024-41118", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-28T13:44:12.991Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.574Z"}, "title": "CVE Program Container", "references": [{"name": "https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/"}, {"name": "https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489"}, {"name": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L25", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L25"}, {"name": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L47", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L47"}, {"name": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L53", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L53"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/", "name": "https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489", "name": "https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L25", "name": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L25", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L47", "name": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L47", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L53", "name": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L53", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.574Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41118", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-28T13:44:09.254395Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:opengeos:streamlit-geospatial:*:*:*:*:*:*:*:*"], "vendor": "opengeos", "product": "streamlit-geospatial", "versions": [{"status": "affected", "version": "0", "lessThan": "c4f81d9616d40c60584e36abb15300853a66e489", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-28T13:36:40.626Z"}}], "cna": {"title": "streamlit-geospatial blind SSRF in pages/7_\ud83d\udce6_Web_Map_Service.py", "source": {"advisory": "GHSA-v337-9mg8-x272", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "opengeos", "product": "streamlit-geospatial", "versions": [{"status": "affected", "version": "< c4f81d9616d40c60584e36abb15300853a66e489"}]}], "references": [{"url": "https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/", "name": "https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489", "name": "https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L25", "name": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L25", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L47", "name": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L47", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L53", "name": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L53", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 47 of `pages/7_\ud83d\udce6_Web_Map_Service.py` takes user input, which is passed to `get_layers` function, in which `url` is used with `get_wms_layer` method. `get_wms_layer` method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-26T20:52:46.182Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41118", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:46:52.574Z", "dateReserved": "2024-07-15T15:53:28.322Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-07-26T20:52:46.182Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opengeos:streamlit-geospatial:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C3566CD-95FC-46B6-B07E-1070B3292047", "versionEndExcluding": "2024-07-19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 47 of `pages/7_?_Web_Map_Service.py` takes user input, which is passed to `get_layers` function, in which `url` is used with `get_wms_layer` method. `get_wms_layer` method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue."}, {"lang": "es", "value": " streamlit-geospatial es una aplicaci\u00f3n multip\u00e1gina optimizada para aplicaciones geoespaciales. Antes de la confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489, la variable `url` en la l\u00ednea 47 de `pages/7_?_Web_Map_Service.py` toma la entrada del usuario, que se pasa a la funci\u00f3n `get_layers`, en la que `url` se usa con el m\u00e9todo `get_wms_layer`. El m\u00e9todo `get_wms_layer` crea una solicitud a destinos arbitrarios, lo que lleva a blind server-side request forgery. La confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489 soluciona este problema."}], "id": "CVE-2024-41118", "lastModified": "2024-08-26T17:33:27.287", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-07-26T21:15:13.653", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L25"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L47"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L53"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}]}