zevorn rt-claw
- <= 0.2.0
A server-side request forgery (SSRF) vulnerability has been identified in Zevorn RT-Claw versions through 0.2.0. The issue resides in the 'receiver_thread' function within 'claw/services/swarm/swarm.c', specifically related to the 'http_request' component. This vulnerability allows remote attackers to manipulate requests that the server processes, potentially accessing internal resources or loopback addresses.
Exploitation of this vulnerability allows an attacker to send requests to internal HTTP endpoints or loopback addresses, bypassing network restrictions. The response from these requests is then exfiltrated back to the attacker via the same RPC channel, making this a direct SSRF vulnerability with response leakage.
The vulnerability can be reproduced by sending an unauthenticated UDP packet to the RT-Claw swarm RPC service. This packet can include a JSON payload that specifies a URL targeting an internal or loopback HTTP resource. Once the RT-Claw application processes this request, it will fetch the specified URL without proper validation, allowing access to restricted endpoints. The response can then be returned through the RPC channel, demonstrating the SSRF exploitation.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.