CVE-2022-38580 – github.com/zalando/skipper

Package

Manager: go
Name: github.com/zalando/skipper
Vulnerable Version: >=0 <0.13.237

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.48898 pctl0.97694

Details

Skipper vulnerable to SSRF via X-Skipper-Proxy ### Impact Skipper prior to version v0.13.236 is vulnerable to server-side request forgery (SSRF). An attacker can exploit a vulnerable version of proxy to access the internal metadata server or other unauthenticated URLs by adding an specific header (X-Skipper-Proxy) to the http request. ### Patches The problem was patched in version https://github.com/zalando/skipper/releases/tag/v0.13.237. Users need to upgrade to skipper `>=v0.13.237`. ### Workarounds Use `dropRequestHeader("X-Skipper-Proxy")` filter ### References https://github.com/zalando/skipper/releases/tag/v0.13.237 ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com/zalando/skipper/issues/new/choose * Chat with us in slack: https://app.slack.com/client/T029RQSE6/C82Q5JNH5

Metadata

Created: 2022-10-25T20:22:29Z
Modified: 2023-08-30T09:52:10Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-f2rj-m42r-6jm2/GHSA-f2rj-m42r-6jm2.json
CWE IDs: ["CWE-918"]
Alternative ID: GHSA-f2rj-m42r-6jm2
Finding: F100
Auto approve: 1