Matrix Media Repo Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Matrix Media Repo (MMR) versions prior to 1.3.8. This vulnerability allows MMR to access and serve content from internal networks under certain conditions. The issue arises when MMR is manipulated to make requests to internal resources, potentially exposing sensitive data or services.

Impact

Exploitation of this vulnerability could lead to unauthorized access to internal resources, such as cloud metadata services that contain sensitive information like authentication credentials. This could allow an attacker to escalate privileges or access restricted administrative interfaces.

Reproduction

To reproduce this vulnerability, upload an image by providing a URL that points to a resource on the internal network, such as 'localhost' or '127.0.0.1'. MMR will fetch the image from the specified URL and return it to the user. If the URL points to an internal service, such as an administrative portal or a database metadata endpoint, this could be exploited to access sensitive information or credentials.

Remediation

Users are advised to upgrade to Matrix Media Repo version 1.3.8. For those unable to upgrade, restricting outbound requests to safe hosts using local firewall rules or a transparent proxy may provide a temporary workaround.
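The workaround above sits at the network layer; the same policy can also be enforced in the fetcher itself. The following is an added example, not code from Matrix Media Repo, of a pre-fetch check in Go (the language MMR is written in) that rejects non-HTTP schemes, "localhost", literal internal addresses (including IPv4-mapped IPv6 forms) and any hostname whose DNS answers contain an internal address. The names ValidateFetchURL, IsInternalAddr and Resolver are hypothetical, and the resolver used in main() is a constructed stand-in for real DNS.

```go
// Added example (not MMR's own code): a defensive check a media fetcher can
// run before following a user-supplied URL. Function and type names are
// hypothetical.
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"net/url"
	"strings"
)

// Resolver abstracts DNS so the check can be exercised offline.
type Resolver func(host string) ([]netip.Addr, error)

// extraBlocked covers ranges that netip's IsPrivate/IsLoopback/... do not:
// the "this network" block, CGNAT space and IETF protocol assignments.
var extraBlocked = []netip.Prefix{
	netip.MustParsePrefix("0.0.0.0/8"),
	netip.MustParsePrefix("100.64.0.0/10"),
	netip.MustParsePrefix("192.0.0.0/24"),
}

// IsInternalAddr reports whether an address must never be fetched from.
// 169.254.0.0/16 (link-local, where cloud metadata services usually live)
// is caught by IsLinkLocalUnicast.
func IsInternalAddr(ip netip.Addr) bool {
	ip = ip.Unmap() // treat ::ffff:127.0.0.1 the same as 127.0.0.1
	if ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() ||
		ip.IsInterfaceLocalMulticast() || ip.IsMulticast() {
		return true
	}
	for _, p := range extraBlocked {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

// ValidateFetchURL parses raw, resolves its host with resolve, and returns
// the addresses that are safe to dial. Callers should connect to exactly
// these addresses (e.g. via a custom DialContext) instead of resolving
// again, so the DNS answer cannot change between check and use.
func ValidateFetchURL(raw string, resolve Resolver) ([]netip.Addr, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("parse: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname() // strips the port and IPv6 brackets
	if host == "" {
		return nil, errors.New("empty host")
	}
	lower := strings.ToLower(strings.TrimSuffix(host, "."))
	if lower == "localhost" || strings.HasSuffix(lower, ".localhost") {
		return nil, errors.New("localhost not allowed")
	}

	var addrs []netip.Addr
	if ip, perr := netip.ParseAddr(host); perr == nil {
		addrs = []netip.Addr{ip} // literal IP: no DNS involved
	} else {
		addrs, err = resolve(lower)
		if err != nil {
			return nil, fmt.Errorf("resolve %s: %w", lower, err)
		}
		if len(addrs) == 0 {
			return nil, fmt.Errorf("resolve %s: no addresses", lower)
		}
	}
	// Reject if ANY answer is internal: a mixed answer set would otherwise
	// pass a check that only inspects the first address.
	for _, a := range addrs {
		if IsInternalAddr(a) {
			return nil, fmt.Errorf("host %s resolves to internal address %s", host, a)
		}
	}
	return addrs, nil
}

func main() {
	// Constructed resolver standing in for real DNS.
	stub := func(host string) ([]netip.Addr, error) {
		if host == "media.example.org" {
			return []netip.Addr{netip.MustParseAddr("203.0.113.10")}, nil
		}
		return nil, errors.New("no such host")
	}
	for _, raw := range []string{
		"https://media.example.org/cat.png",
		"http://127.0.0.1:8080/admin",
		"http://[::ffff:169.254.169.254]/",
		"http://localhost/",
	} {
		if _, err := ValidateFetchURL(raw, stub); err != nil {
			fmt.Printf("REJECT %s: %v\n", raw, err)
		} else {
			fmt.Printf("ALLOW  %s\n", raw)
		}
	}
}
```

The check deliberately resolves the hostname itself and returns the vetted addresses: validating the string alone is not enough, because a public-looking name can resolve to 127.0.0.1 or 169.254.169.254, and re-resolving at dial time reopens the gap. Redirects need the same treatment, so an HTTP client using this check should run it again on every Location it is about to follow.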

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread          3.1
impact          3.1
exploitability  6.6
remediation     7.9
relevance       0.0
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.