GuardDog SSRF Vulnerability Leading to GitHub Token Exfiltration

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in GuardDog, a command-line tool for detecting malicious PyPI packages. This issue affects versions 1.0.0 through 2.9.0. The vulnerability arises because the tool's remote project scanning feature rewrites attacker-controlled repository URLs with a blind string replacement, then issues the rewritten request with the user's GitHub credentials, specifically the GH_TOKEN, attached via HTTP Basic Authentication. As a result, an attacker who can control the scanned URL can capture the GitHub token and potentially access sensitive information or perform actions on behalf of the user.

Impact

Exploitation of this vulnerability allows theft of the GitHub Personal Access Token (PAT) held in the GH_TOKEN environment variable. It also introduces a server-side request forgery (SSRF) risk, enabling attackers to reach internal or localhost services that are accessible from the host running the GuardDog scanner. Finally, it can expose the content of dependency files returned by the manipulated endpoint.

Reproduction

To reproduce this vulnerability, start an HTTP listener on localhost port 18081 that logs incoming requests, including the Authorization header. Set the GitHub username and token as environment variables. Then use the 'PypiRequirementsScanner' to scan a crafted URL that triggers the blind string replacement. The scanner sends a request to the listener with the GitHub token in the Authorization header.
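The root cause described above is a URL rewrite that never checks where the rewritten request will actually go. The following is an added illustration, not GuardDog's code or its maintainers' fix: the repository URL is parsed and its host checked against an allowlist before any rewriting, and credentials are bound to the destination host rather than to the request. The API URL shape, the allowlist and the function names are assumptions for this example.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Assumed allowlist and API target for this illustration (not GuardDog's own).
ALLOWED_REPO_HOSTS = {"github.com", "www.github.com"}
API_HOST = "api.github.com"


def rewrite_repo_url(repo_url: str) -> str:
    """Turn a GitHub repository URL into the API URL for its requirements.txt.

    The URL is parsed rather than string-replaced: scheme and host are checked
    before anything else, so a URL that merely *contains* the text 'github.com'
    in its path or query is rejected instead of being forwarded to whatever
    host it really names (the SSRF / token-leak pattern described above).
    """
    parts = urlsplit(repo_url)
    if parts.scheme != "https":
        raise ValueError(f"refusing non-https scheme: {parts.scheme!r}")
    if parts.hostname not in ALLOWED_REPO_HOSTS or parts.port not in (None, 443):
        raise ValueError(f"refusing non-GitHub host: {parts.netloc!r}")
    if parts.username or parts.password:
        raise ValueError("refusing URL with embedded userinfo")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 2:
        raise ValueError(f"expected /<owner>/<repo>, got {parts.path!r}")
    owner, repo = segments[0], segments[1].removesuffix(".git")
    # Only plain repository-name characters may reach the outgoing path,
    # so nothing like '..' or a '?' can reshape the API request.
    for name in (owner, repo):
        if not name.replace("-", "").replace("_", "").replace(".", "").isalnum():
            raise ValueError(f"unexpected characters in {name!r}")
    return f"https://{API_HOST}/repos/{owner}/{repo}/contents/requirements.txt"


def auth_for(url: str, username: str, token: str) -> Optional[Tuple[str, str]]:
    """Return HTTP Basic credentials for `url`, or None if it must go without.

    Binding the token to the destination host means that even if a bad URL
    slipped past rewriting, the token would not be sent to another host.
    """
    parts = urlsplit(url)
    if parts.scheme == "https" and parts.hostname == API_HOST:
        return (username, token)
    return None
```

With this shape, a request to the localhost listener from the reproduction steps is refused at rewrite time, and would carry no Authorization header even if it were issued.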

Added: May 28, 2026, 4:54 AM
Updated: May 28, 2026, 4:54 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 9.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.