The Librarian Internal Port Scanning Vulnerability via SSRF
Vulnerability
A vulnerability in The Librarian's web application allows for internal port scanning through server-side request forgery (SSRF) techniques. This issue arises from the 'web_fetch' tool, which can be manipulated to send GET requests to internal IP addresses and services. The vulnerability exposes the application's cloud environment on Hetzner, potentially leading to unauthorized access or disruption of internal services.
Impact
Exploitation of this vulnerability could allow an attacker to conduct unauthorized reconnaissance of The Librarian's internal cloud infrastructure, potentially leading to the discovery and exploitation of other vulnerabilities or sensitive information.
Reproduction
The vulnerability can be reproduced by using the 'web_fetch' tool with encoded IP addresses or wildcard DNS hostnames that resolve to internal addresses. This approach bypasses the tool's restrictions on private IPs and hostnames, allowing access to internal services and metadata.
Remediation
The vendor has stated that this vulnerability has been fixed in all affected versions.
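A destination check that addresses the two bypasses named under Reproduction, given here as an added example; it is not the vendor's fix or The Librarian's code. The function names, the `resolve` callback and the DNS answers are constructed for illustration: the host is decoded to a real address (or resolved) first, and the decision is made on that address rather than on the text of the URL.

```python
import ipaddress
from urllib.parse import urlsplit

def parse_legacy_ipv4(host):
    """Decode inet_aton-style text: decimal, 0x hex or 0-prefixed octal, 1-4 parts."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = []
    for p in parts:
        if not (p.isascii() and p.isalnum()):
            return None
        base = 16 if p.lower().startswith("0x") else 8 if p.startswith("0") and len(p) > 1 else 10
        try:
            nums.append(int(p[2:] if base == 16 else p, base))
        except ValueError:
            return None
    *head, last = nums  # leading parts are one byte each; the last fills the rest
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    for i, n in enumerate(head):
        last |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(last)

def is_internal(ip):
    # Unwrap ::ffff:a.b.c.d, then treat anything not globally routable as internal.
    return not (getattr(ip, "ipv4_mapped", None) or ip).is_global

def check_fetch_target(url, resolve):
    """Return (allowed, detail); `resolve` maps a hostname to a list of IP strings."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return False, "unsupported URL"
    ip = parse_legacy_ipv4(host)
    if ip is None:
        try:
            ip = ipaddress.ip_address(host)  # IPv6 literal
        except ValueError:
            pass
    addrs = [ip] if ip is not None else [ipaddress.ip_address(a) for a in resolve(host)]
    blocked = [a for a in addrs if is_internal(a)]
    if blocked or not addrs:
        return False, f"{host} maps to non-public address {blocked[0]}" if blocked else "no address"
    return True, str(addrs[0])  # connect to this exact IP so a second lookup cannot differ

# Constructed DNS answers so the example runs offline.
FAKE_DNS = {"10.0.0.5.wildcard.example": ["10.0.0.5"], "public.example": ["93.184.216.34"]}
def fake_resolve(host):
    return FAKE_DNS.get(host, [])
```

The returned address is the one the fetcher should connect to; validating a hostname and then letting the HTTP client resolve it again reopens the gap.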
