MISP Modules Expansion Unsafe Remote Resource Fetching Vulnerability Allowing Server-Side Request Forgery

Vulnerability

A vulnerability allowing unsafe remote resource fetching has been identified in the MISP Modules expansion, prior to version 3.0.7. The issue arises in the 'html_to_markdown' module, which accepted arbitrary HTTP(S) URLs without adequate validation. This lack of validation could lead to Server-Side Request Forgery (SSRF) attacks against loopback, private, or link-local network resources. Additionally, the 'qrcode' module disabled TLS certificate verification when fetching remote images, making these requests susceptible to man-in-the-middle attacks or response tampering.

Impact

Exploitation of this vulnerability could result in Server-Side Request Forgery, allowing an attacker to manipulate requests from the server to internal or private network resources. In the case of the 'qrcode' module, the absence of TLS verification could lead to interception or alteration of image responses.

Remediation

Users can update to MISP Modules version 3.0.7 or later, where this vulnerability has been fixed. Instructions for updating can be found in the MISP Modules repository.

Added: May 13, 2026, 8:59 PM
Updated: May 13, 2026, 8:59 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 0.6
exploitability: 6.7
remediation: 0.0
relevance: 8.2
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.