7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-40017

GHSA ID

GHSA-rmxg-6qqf-x8mr

EPSS Score

0.25632%

CWE

CWE-918

Published

11/21/2024

Updated

11/21/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-40017

CVE-2023-40017: GeoNode Server Side Request forgery

Summary

A server side request forgery vuln was found within geonode when testing on a bug bounty program. Server side request forgery allows a user to request information on the internal service/services.

Details

The endpoint /proxy/?url= does not properly protect against SSRF. when using the following format you can request internal hosts and display data. /proxy/?url=http://169.254.169.254@whitelistedIPhere. This will state wether the AWS internal IP is alive. If you get a 404, the host is alive. A non alive host will not display a response. To display metadata, use a hashfrag on the url /proxy/?url=http://169.254.169.254@#whitelisteddomain.com or try /proxy/?url=http://169.254.169.254@%23whitelisteddomain.com

Impact

Port scan internal hosts, and request information from internal hosts.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-40017

GHSA ID

GHSA-rmxg-6qqf-x8mr

EPSS Score

0.25632%

CWE

CWE-918

Published

11/21/2024

Updated

11/21/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
geonode	pip	>= 3.2.0, < 4.2.0	4.2.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from improper URL parsing in the proxy endpoint's host validation. The key indicators are:

The commit modifies the validation logic to use a new extract_ip_or_domain function instead of url.hostname
Added tests demonstrate SSRF attempts using @ and URL-encoded fragments
The CWE-918 classification confirms it's an SSRF validation flaw
The patch introduces ipaddress validation and regex-based extraction to properly handle potentially malicious URL formats

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Summ*ry * s*rv*r si** r*qu*st *or**ry vuln w*s *oun* wit*in **ono** w**n t*stin* on * *u* *ounty pro*r*m. S*rv*r si** r*qu*st *or**ry *llows * us*r to r*qu*st in*orm*tion on t** int*rn*l s*rvi**/s*rvi**s. ### **t*ils T** *n*point /proxy/?url= *o

Reasoning

T** vuln*r**ility st*mm** *rom improp*r URL p*rsin* in t** proxy *n*point's *ost v*li**tion. T** k*y in*i**tors *r*: *. T** *ommit mo*i*i*s t** v*li**tion lo*i* to us* * n*w *xtr**t_ip_or_*om*in *un*tion inst*** o* url.*ostn*m* *. ***** t*sts **monst

7.5

Basic Information

Concerned about an active attack path?

CVE-2023-40017: GeoNode Server Side Request forgery

Summary

Details

Impact

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI