zhayujie CowAgent
- <= 2.1.1
A server-side request forgery (SSRF) vulnerability has been identified in zhayujie CowAgent versions through 2.1.1. The issue resides in the WebFetch tool, specifically within the execute function of web_fetch.py. The vulnerability allows for manipulation of the 'url' argument, enabling requests to internal or special-use HTTP destinations. This flaw can be exploited remotely, potentially leading to unauthorized access to internal services or metadata endpoints. The vulnerability has been publicly disclosed and exploited, but has been patched in version 2.1.2.
Exploitation of this vulnerability allows for server-side HTTP requests to internal network locations, bypassing normal access controls. This could be used to access private APIs, metadata services, or other internal resources that are not exposed to the public internet.
The vulnerability can be reproduced by using the CowAgent application and directing the WebFetch tool to fetch a URL that points to a loopback or private address. This can be done by manually setting the 'url' argument to an internal IP address, such as 'http://127.0.0.1' or 'http://198.18.0.1:18080/special-use', which will successfully reach the targeted internal service without any validation or blockage.
Users are advised to upgrade to zhayujie CowAgent version 2.1.2 or later, where this vulnerability has been fixed. The update can be downloaded from the CowAgent GitHub releases page.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.