PromptHub Authenticated Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in PromptHub versions 0.4.9 up to, but not including, 0.5.4. The issue arises in the authenticated endpoint POST /api/skills/fetch-remote, which fetches a user-supplied URL and reflects the response body back to the caller. The SSRF protection in place attempts to block private and loopback destinations, but it can be bypassed using alternate representations of IPv6 addresses: an IPv4-mapped IPv6 address written in hex form is not recognised as the IPv4 address it denotes. This allows requests to any IPv4 address, including loopback and private ranges. The vulnerability can be exploited by any authenticated user and, in deployments that allow registration, by any internet user who can register.
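As an added illustration of the bypass class described above (constructed example, not PromptHub's code; the project's actual filter and its fix are not shown on this page), a prefix-based blocklist of the kind that misses IPv4-mapped IPv6 literals is placed next to a check that canonicalises the destination, unwraps IPv4-mapped addresses and resolves hostnames before deciding. The `WEAK_BLOCKLIST`, the function names and the injectable `resolver` parameter are assumptions of this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Weak pattern (constructed): a string-prefix blocklist applied to the URL host
# exactly as the caller wrote it. "::ffff:7f00:1" matches none of these prefixes.
WEAK_BLOCKLIST = ("localhost", "127.", "10.", "192.168.", "169.254.", "::1")

def weak_is_blocked(url: str) -> bool:
    host = urlsplit(url).hostname or ""
    return host.startswith(WEAK_BLOCKLIST)

def to_canonical_ip(text: str):
    """Parse an IP literal; unwrap IPv4-mapped IPv6 (::ffff:7f00:1 or
    ::ffff:127.0.0.1) to the IPv4Address it denotes so range checks see the
    real destination. Returns None if the text is not an IP literal."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def is_internal(addr) -> bool:
    """True for any address a fetch-remote style feature should never reach."""
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)

def default_resolver(host: str):
    # Real DNS lookup; tests inject a stub so the example runs offline.
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def hardened_is_blocked(url: str, resolver=default_resolver) -> bool:
    """Allow only http(s) URLs whose every candidate address is public.
    Anything unparsable or unresolvable fails closed (blocked)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return True
    literal = to_canonical_ip(parts.hostname)
    if literal is not None:
        candidates = [literal]
    else:
        candidates = [to_canonical_ip(a) for a in resolver(parts.hostname)]
    if not candidates or any(c is None for c in candidates):
        return True
    return any(is_internal(c) for c in candidates)
```

Resolving and checking before the fetch still leaves a DNS-rebinding window; a production filter should also pin the connection to the address that was checked.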

Impact

Exploitation of this vulnerability allows cross-tenant authenticated SSRF: an attacker can coerce the server into making requests to internal services or loopback addresses and read the responses, potentially leading to unauthorized access or data exposure.

Reproduction

To reproduce this vulnerability, register an account on a PromptHub deployment with 'ALLOW_REGISTRATION=true'. After logging in, send a POST request to '/api/skills/fetch-remote' whose URL host is an IPv6 literal that bypasses the SSRF protection, such as a loopback or private IPv4 address written as an IPv4-mapped IPv6 address in hex form. The server responds with the fetched content, confirming the SSRF.

Remediation

Users can update to PromptHub version 0.5.4, where this vulnerability has been patched.

Added: May 8, 2026, 4:29 AM
Updated: May 8, 2026, 4:29 AM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          0.6
exploitability  6.6
remediation     0.0
relevance       7.8
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.