WWBN AVideo LiveLinks Proxy Unauthenticated SSRF Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the LiveLinks proxy of WWBN AVideo, an open-source video platform. This issue affects versions through 29.0. The vulnerability arises from an incomplete fix that introduces validation for redirect URLs but fails to address a time-of-check to time-of-use (TOCTOU) gap. That gap allows DNS rebinding attacks to route requests through the server to internal addresses, potentially exposing sensitive endpoints such as cloud metadata services.

Impact

Exploitation of this vulnerability allows attackers to bypass SSRF protections and access internal services, cloud metadata endpoints, and other restricted resources. This could lead to unauthorized data exposure, such as IAM credentials from metadata services, or allow probing of internal networks to map infrastructure.

Reproduction

The vulnerability can be reproduced by sending a request to the LiveLinks proxy with a URL that triggers a DNS rebinding attack. This is done with a domain the attacker controls that returns different IP addresses depending on the number of DNS resolutions. The first resolution can return a safe external IP, while subsequent ones can return an internal IP, such as a cloud metadata endpoint.

Remediation

Users are advised to update to version 29.0 or later, where this vulnerability has been addressed.
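
The check-then-use gap described above, as an added example that is not AVideo's code: a constructed in-memory resolver stands in for DNS so the flawed pattern and a resolve-once, pinned pattern can be compared offline. The hostname, addresses, class and function names are all assumptions made for the illustration.

```python
import ipaddress

# Constructed sample values, not taken from the advisory.
HOST = "rebind.example.test"
PUBLIC_IP = "93.184.216.34"
METADATA_IP = "169.254.169.254"

class RebindingResolver:
    """Hypothetical stand-in for DNS: hands out answers in order, one per lookup."""
    def __init__(self, answers):
        self.answers = list(answers)
        self.lookups = 0

    def resolve(self, host):
        ip = self.answers[min(self.lookups, len(self.answers) - 1)]
        self.lookups += 1
        return ip

def is_public(ip):
    """True only for globally routable addresses (rejects loopback, RFC 1918, link-local)."""
    return ipaddress.ip_address(ip).is_global

def fetch_check_then_use(host, resolver):
    """Flawed pattern: validate one lookup, then let the client resolve the name again.
    Returns the address the connection would actually be made to."""
    if not is_public(resolver.resolve(host)):   # time of check
        raise PermissionError("destination not allowed")
    return resolver.resolve(host)               # time of use: a second, unchecked lookup

def fetch_pinned(host, resolver):
    """Hardened pattern: resolve once, validate that address, connect to that same address
    (the hostname is only sent as the Host header / SNI). Apply this to every redirect hop."""
    ip = resolver.resolve(host)
    if not is_public(ip):
        raise PermissionError("destination not allowed")
    return ip

if __name__ == "__main__":
    print("check-then-use connects to:",
          fetch_check_then_use(HOST, RebindingResolver([PUBLIC_IP, METADATA_IP])))
    print("pinned connects to:",
          fetch_pinned(HOST, RebindingResolver([PUBLIC_IP, METADATA_IP])))
```

In PHP's curl binding, the same pinning can be expressed with CURLOPT_RESOLVE, which maps the hostname to the already validated address for that request.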

Added: Apr 22, 2026, 12:04 AM
Updated: Apr 22, 2026, 12:04 AM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 0.6
exploitability: 9.1
remediation: 7.7
relevance: 6.4
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.