Miggo Logo
Miggo Vulnerability Database
CVE-2023-27163

CVE-2023-27163: request-baskets vulnerable to Server-Side Request Forgery

6.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-27163
GHSA ID
GHSA-58g2-vgpg-335q
EPSS Score
0.9975%
CWE
CWE-918
Published
3/31/2023
Updated
8/11/2023
KEV Status
No
Technology
TechnologyGo

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
github.com/darklynx/request-basketsgo<= 1.2.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The SSRF vulnerability stems from improper validation of user-controlled 'forward_url' parameters in basket creation/update API endpoints. The handlers.go file contains the HTTP request processing logic for /api/baskets/{name} routes. The CreateBasket and UpdateBasket functions directly process the 'forward_url' value from untrusted input without sufficient validation of allowed protocols or target domains, enabling attackers to make requests to internal network resources. The high confidence comes from: 1) Explicit vulnerability reports linking the issue to these API endpoints 2) The documented exploit requiring manipulation of forward_url 3) The architectural role of these handlers in processing basket configurations.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

r*qu*st-**sk*ts up to v*.*.* w*s *is*ov*r** to *ont*in * S*rv*r-Si** R*qu*st *or**ry (SSR*) vi* t** *ompon*nt /*pi/**sk*ts/{n*m*}. T*is vuln*r**ility *llows *tt**k*rs to ****ss n*twork r*sour**s *n* s*nsitiv* in*orm*tion vi* * *r**t** *PI r*qu*st.

Reasoning

T** SSR* vuln*r**ility st*ms *rom improp*r v*li**tion o* us*r-*ontroll** '*orw*r*_url' p*r*m*t*rs in **sk*t *r**tion/up**t* *PI *n*points. T** **n*l*rs.*o *il* *ont*ins t** *TTP r*qu*st pro**ssin* lo*i* *or /*pi/**sk*ts/{n*m*} rout*s. T** *r**t***sk*