logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2024-31223 ethyca-fides

Package

Manager: pip
Name: ethyca-fides
Vulnerable Version: >=2.19.0 <2.39.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00271 pctl0.50315

Details

Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL `SERVER_SIDE_FIDES_API_URL` is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. This vulnerability allows an unauthenticated attacker to make a HTTP GET request from the Privacy Center that discloses the value of this server-side URL. ### Impact Disclosure of server-side configuration giving an attacker information on server-side ports, private IP addresses, and/or private domain names. ### Patches The vulnerability has been patched in Fides version `2.39.2`. Users are advised to upgrade to this version or later to secure their systems against this threat. ### Workarounds There are no workarounds. ### Proof of Concept 1. Set the value of the environment variable `FIDES_PRIVACY_CENTER__SERVER_SIDE_FIDES_API_URL` of your Fides Privacy Center container before start-up to a private value such as `https://some.private.domain.name/api/v1` and start the Privacy Center application. 2. Once the application is up, perform a HTTP GET request of the Privacy Center's main page e.g. `https://privacy.example.com` . The value of `SERVER_SIDE_FIDES_API_URL` is returned in the response's body. ``` ~ ❯ curl -s https://privacy.example.com/ | \ grep '__NEXT_DATA__' | \ sed 's/.*<script id="__NEXT_DATA__" type="application\/json">//;s/<\/script>.*//' | \ jq '.props.serverEnvironment.settings.SERVER_SIDE_FIDES_API_URL' "https://some.private.domain.name/api/v1" ```

Metadata

Created: 2024-07-05T20:40:06Z
Modified: 2024-07-05T20:40:06Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-53q7-4874-24qg/GHSA-53q7-4874-24qg.json
CWE IDs: ["CWE-497"]
Alternative ID: GHSA-53q7-4874-24qg
Finding: F017
Auto approve: 1