pyLoad Server-Side Request Forgery Vulnerability in Redirect Handling

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in pyLoad versions through 0.5.0b3. The issue arises because the application follows HTTP redirects to internal addresses without validating them against an SSRF filter. This vulnerability allows an authenticated user with ADD permission to access internal network services or cloud metadata endpoints, potentially leading to unauthorized data exposure.

Impact

Exploitation of this vulnerability allows access to internal network services, localhost services, and cloud metadata endpoints for various cloud providers, including AWS and Azure. This access could result in the unauthorized retrieval of sensitive information, such as IAM credentials.

Reproduction

To reproduce this vulnerability, an authenticated user with ADD permission can submit a download request with a URL that redirects to an internal address. The pyLoad application will follow the redirect without proper validation, bypassing the SSRF protection and allowing access to the internal resource.
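The missing check the advisory describes is that the redirect target, not just the originally submitted URL, must pass the SSRF filter. The following is an added illustration of that defensive pattern, not pyLoad's own code: automatic redirects are disabled and every Location hop is resolved and tested against private, loopback and link-local ranges (which include the cloud metadata address) before it is fetched. The `fetch` transport, the `resolve_literal` resolver and the hostname `files.example.org` are constructed stand-ins so the example runs offline.

```python
import ipaddress
from typing import Callable, Dict, Tuple
from urllib.parse import urljoin, urlparse

# Hypothetical deny-list (not pyLoad's): ranges a user-supplied download URL must never reach.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16",   # link-local; contains the AWS/Azure metadata address 169.254.169.254
    "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10",
)]

def resolve_literal(host: str) -> str:
    """Constructed resolver: one fake DNS record plus pass-through of IP literals."""
    fake_dns = {"files.example.org": "203.0.113.10"}  # constructed sample record
    return fake_dns.get(host, host)

def is_blocked_target(url: str, resolve: Callable[[str], str] = resolve_literal) -> bool:
    """True if the URL's scheme or resolved address must not be fetched."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return True
    try:
        addr = ipaddress.ip_address(resolve(parts.hostname))
    except ValueError:
        return True  # unresolvable host: refuse rather than guess
    return any(addr in net for net in BLOCKED_NETWORKS)

Response = Tuple[int, Dict[str, str], bytes]

def fetch_checking_redirects(url: str, fetch: Callable[[str], Response],
                             max_hops: int = 5) -> Response:
    """Fetch with automatic redirects disabled, re-applying the filter to every hop.
    Filtering only the first URL is the flaw above: a public host may 3xx to an internal one."""
    for _ in range(max_hops + 1):
        if is_blocked_target(url):
            raise ValueError(f"blocked SSRF target: {url}")
        status, headers, body = fetch(url)
        if status not in (301, 302, 303, 307, 308):
            return status, headers, body
        # Resolve relative Locations too; the new URL is checked on the next iteration.
        url = urljoin(url, headers["Location"])
    raise ValueError("too many redirects")

# Constructed fake transport: a public host that redirects to the cloud metadata address.
def fake_fetch(url: str) -> Response:
    if url == "http://files.example.org/file.bin":
        return 302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""
    return 200, {}, b"payload"
```

With a real HTTP client the same structure applies: request with redirects disabled (for example `allow_redirects=False` in `requests`) and loop over the Location header yourself so the filter sees each hop.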

Remediation

Users are advised to update to pyLoad version 0.5.0b3.dev97, where this vulnerability has been patched.

Added: Apr 6, 2026, 8:41 PM
Updated: Apr 6, 2026, 8:41 PM