Frigate Server-Side Request Forgery Vulnerability in ffprobe Endpoint

A Server-Side Request Forgery (SSRF) vulnerability has been identified in Frigate, a network video recorder (NVR) application, prior to version 0.16.3. The issue arises in the /ffprobe endpoint, which accepts arbitrary user-controlled URLs without proper validation. This lack of validation allows attackers to use the Frigate server to make HTTP requests to internal network resources, access cloud metadata services, or perform port scanning. Exploitation of this vulnerability requires authenticated access to Frigate as a viewer.

Impact

Exploitation of this vulnerability could lead to unauthorized access to internal network resources, bypassing firewall restrictions, and the ability to perform port scans on internal networks.

Reproduction

To reproduce this vulnerability, an authenticated user with viewer privileges can send a request to the /ffprobe endpoint with a URL payload. The Frigate server will then forward the request to the specified URL, allowing the attacker to access internal resources or services.

Remediation

Users can upgrade to Frigate version 0.16.3 or later to address this vulnerability.