Karakeep Server-Side Request Forgery Vulnerability
Vulnerability
A Server-Side Request Forgery (SSRF) vulnerability exists in Karakeep versions 0.26.0 to 0.7.0. The vulnerability arises from inadequate filtering of destination addresses, which allows the server to be made to send requests to internal services or networks. The issue can be exploited by entering certain internal IP addresses or hostnames into the application's 'New Item' input box.
Impact
Exploitation of this vulnerability allows for Server-Side Request Forgery, where an attacker can make the server send requests to internal services or networks, potentially leading to unauthorized access or information disclosure.
Reproduction
To reproduce this vulnerability, log into the Karakeep application. In the 'New Item' input box on the Home page, enter 'host.docker.internal' or an internal IP address. This will trigger the SSRF vulnerability by sending a request to the specified internal address.
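As an added mitigation example (not Karakeep's own code), the following check shows the kind of destination validation the 'New Item' box is missing: it rejects internal hostnames such as host.docker.internal and any URL whose host is, or resolves to, a loopback, private, link-local or CGNAT address. The Resolver hook and the records in sampleResolver are assumptions constructed for this example.

```typescript
import { isIP } from "node:net";

type Resolver = (hostname: string) => string[]; // production: feed in dns.lookup answers
// Dotted IPv4 -> 32-bit unsigned number, or null if not an IPv4 literal.
export function ipv4ToInt(ip: string): number | null {
  if (isIP(ip) !== 4) return null;
  return ip.split(".").reduce((acc, octet) => acc * 256 + Number(octet), 0);
}
function inCidr(ip: number, base: string, bits: number): boolean {
  const mask = bits === 0 ? 0 : (~0 << (32 - bits)) >>> 0;
  return ((ip & mask) >>> 0) === ((ipv4ToInt(base)! & mask) >>> 0);
}
// Ranges a server-side fetcher must never reach: "this network", RFC 1918,
// CGNAT, loopback, link-local (which includes cloud metadata 169.254.169.254).
const BLOCKED_V4: [string, number][] = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];
export function isBlockedAddress(ip: string): boolean {
  const v4 = ipv4ToInt(ip);
  if (v4 !== null) return BLOCKED_V4.some(([base, bits]) => inCidr(v4, base, bits));
  if (isIP(ip) === 6) {
    const v6 = ip.toLowerCase();
    // loopback, unspecified, unique-local fc00::/7, link-local fe80::/10, v4-mapped
    return v6 === "::1" || v6 === "::" || /^f[cd]/.test(v6) ||
      /^fe[89ab]/.test(v6) || v6.startsWith("::ffff:");
  }
  return true; // not an IP literal at all: refuse rather than guess
}
// Why a URL typed into the 'New Item' box must not be fetched, or null if it may be.
export function rejectReason(raw: string, resolve: Resolver): string | null {
  let url: URL;
  try { url = new URL(raw); } catch { return "not a URL"; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return "scheme not allowed";
  // WHATWG URL already normalises forms such as 127.1 or 0x7f000001 to dotted IPv4.
  const host = url.hostname.replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  if (host === "localhost" || host.endsWith(".localhost") || host.endsWith(".internal")) {
    return "internal hostname";
  }
  const addrs = isIP(host) ? [host] : resolve(host);
  if (addrs.length === 0) return "unresolvable";
  // Every answer must be public; a single internal address blocks the fetch.
  const bad = addrs.find(isBlockedAddress);
  return bad ? `resolves to internal address ${bad}` : null;
}

// Constructed stand-in for DNS (not real records) so the example runs offline.
export const sampleResolver: Resolver = (h) =>
  ({ "host.docker.internal": ["192.168.65.2"], "example.com": ["198.51.100.7"] } as Record<string, string[]>)[h] ?? [];
```

The fetcher must then connect to the address that was validated (or re-run the check on the socket's remote address); validating a name and letting the HTTP client resolve it a second time leaves a DNS-rebinding window.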
