CVE-2023-25753 - OpenCVE

There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing. This issue affects Apache ShenYu: 2.5.1. Upgrade to Apache ShenYu 2.6.0 or apply patch https://github.com/apache/shenyu/pull/4776 .

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Shenyu

Configuration 1 [-]

cpe:2.3:a:apache:shenyu:2.5.1:*:*:*:*:*:*:*

References

Link	Resource
https://lists.apache.org/thread/chprswxvb22z35vnoxv9tt3zknsm977d	Mailing List Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2023-10-19T08:35:24.075Z

Updated: 2023-10-19T08:35:31.452Z

Reserved: 2023-02-13T14:14:30.512Z

Link: CVE-2023-25753

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-19T09:15:08.480

Modified: 2023-10-25T17:20:20.830

Link: CVE-2023-25753

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-25753", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-02-13T14:14:30.512Z", "datePublished": "2023-10-19T08:35:24.075Z", "dateUpdated": "2023-10-19T08:35:31.452Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache ShenYu", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "2.5.1", "status": "affected", "version": "0", "versionType": "maven"}]}], "credits": [{"lang": "en", "type": "finder", "value": "by3"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter.</p><p>Of particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing.</p><p>\n\n</p><p>This issue affects Apache ShenYu: 2.5.1.</p><p>Upgrade to Apache ShenYu 2.6.0 or apply patch <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/shenyu/pull/4776\">https://github.com/apache/shenyu/pull/4776</a> .</p><p></p>\n\n"}], "value": "\nThere exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter.\n\nOf particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing.\n\nThis issue affects Apache ShenYu: 2.5.1.\n\nUpgrade to Apache ShenYu 2.6.0 or apply patch\u00a0 https://github.com/apache/shenyu/pull/4776 \u00a0.\n\n"}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-10-19T08:35:31.452Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/chprswxvb22z35vnoxv9tt3zknsm977d"}], "source": {"discovery": "UNKNOWN"}, "title": "Server-Side Request Forgery in Apache ShenYu", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:shenyu:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "5FF6FCF7-9CEF-4E24-B669-256B1C825361", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nThere exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter.\n\nOf particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing.\n\nThis issue affects Apache ShenYu: 2.5.1.\n\nUpgrade to Apache ShenYu 2.6.0 or apply patch\u00a0 https://github.com/apache/shenyu/pull/4776 \u00a0.\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad SSRF (falsificaci\u00f3n de solicitudes del lado del servidor) ubicada en el endpoint /sandbox/proxyGateway. Esta vulnerabilidad nos permite manipular solicitudes arbitrarias y recuperar las respuestas correspondientes ingresando cualquier URL en el par\u00e1metro requestUrl. De particular preocupaci\u00f3n es nuestra capacidad para ejercer control sobre el m\u00e9todo HTTP, las cookies, la direcci\u00f3n IP y los encabezados. Esto efectivamente nos otorga la capacidad de enviar solicitudes HTTP completas a los hosts de nuestra elecci\u00f3n. Este problema afecta a Apache ShenYu: 2.5.1. Actualice a Apache ShenYu 2.6.0 o aplique el parche https://github.com/apache/shenyu/pull/4776"}], "id": "CVE-2023-25753", "lastModified": "2023-10-25T17:20:20.830", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-19T09:15:08.480", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/chprswxvb22z35vnoxv9tt3zknsm977d"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@apache.org", "type": "Secondary"}]}