ClipBucket Remote Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in ClipBucket version 5 prior to 5.5.3 - #45. The issue lies in the Remote Play feature, which lets users create video entries by referencing an external video URL instead of uploading the video file to the server. Because the server fetches the supplied URL itself, a user who enters an internal network host as the video URL causes the ClipBucket server to send GET requests to internal servers. This can be used to scan the internal network for reachable hosts and services. Notably, the vulnerability is exploitable by regular (non-privileged) users.

Impact

Exploitation of this vulnerability allows for internal network scanning via the ClipBucket server, potentially exposing internal hosts and services that are not meant to be accessible from the outside. This could lead to further attacks or exploitation of internal resources.

Reproduction

To reproduce this vulnerability, send a POST request to the '/actions/remote_play_send_form.php' endpoint with a video URL that points to an internal network host. The server responds differently depending on whether the internal host is reachable, which confirms whether the host exists and so enables network scanning.

Remediation

Update to ClipBucket version 5.5.3 - #45 or later, where this vulnerability has been patched.

Added: Feb 12, 2026, 9:18 PM
Updated: Feb 12, 2026, 9:18 PM

Vulnerability Rating

Custom algorithm scores:

spread: 3.4
impact: 0.4
exploitability: 5.8
remediation: 7.7
relevance: 3.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.