Miggo Logo

CVE-2019-8151: Magento Server-Side Request Forgery (SSRF)

7.2

CVSS Score
3.1

Basic Information

EPSS Score
0.77108%
Published
5/24/2022
Updated
2/12/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
magento/community-editioncomposer>= 2.2.0, < 2.2.102.2.10
magento/community-editioncomposer>= 2.3.0, < 2.3.2-p22.3.2-p2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper validation of user-supplied URLs in carrier gateway configurations. Admin users could inject malicious URLs into shipping settings, which are then processed by functions responsible for communicating with external carriers. Functions like _getCachedQuotes (general carrier logic) and _doShipmentRequest (USPS-specific implementation) are critical points where unvalidated URLs would be used for server-side requests. These patterns align with the SSRF-to-RCE mechanism described in CVE-2019-8151, and the file paths correspond to Magento's core shipping module structure.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* r*mot* *o** *x**ution vuln*r**ility *xists in M***nto *.* prior to *.*.**, M***nto *.* prior to *.*.* or *.*.*-p*. *n *ut**nti**t** us*r wit* **min privil***s to m*nipul*t* s*ippm*nt s*ttin*s **n *x**ut* *r*itr*ry *o** t*rou** s*rv*r-si** r*qu*st *

Reasoning

T** vuln*r**ility st*ms *rom improp*r v*li**tion o* us*r-suppli** URLs in **rri*r **t*w*y *on*i*ur*tions. **min us*rs *oul* inj**t m*li*ious URLs into s*ippin* s*ttin*s, w*i** *r* t**n pro**ss** *y *un*tions r*sponsi*l* *or *ommuni**tin* wit* *xt*rn*