4.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-52594

CVE-2024-52594: Gomatrixserverlib Server-Side Request Forgery (SSRF) on redirects and federation

Impact

Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions.

Patches

c4f1e01eab0dd435709ad15463ed38a079ad6128 fixes this issue.

Workarounds

Use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access.

References

N/A

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-52594

CVE-2024-52594:

4.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/matrix-org/gomatrixserverlib	go	<= 0.0.0-20250106190028-bf86bc98b879	0.0.0-20250116181547-c4f1e01eab0d

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from missing network access controls in two key areas: 1) HTTP client transport creation (newDestinationTripper/getTransport) that didn't restrict target networks, and 2) DNS resolution (NewDNSCache/DialContext) that allowed internal IP resolution. The patch added allow/deny CIDR checks in both components. The affected functions directly handle outbound connections and DNS lookups without proper network segmentation controls in vulnerable versions, making them the root cause of SSRF possibilities. High confidence comes from explicit security controls being added in these exact functions in the patch.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

4.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-52594: Gomatrixserverlib Server-Side Request Forgery (SSRF) on redirects and federation

Impact

Patches

Workarounds

References

CVE-2024-52594:

4.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

4.3

4.3

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Basic Information

Basic Information

CVE-2024-52594: Gomatrixserverlib Server-Side Request Forgery (SSRF) on redirects and federation

Impact

Patches

Workarounds

References

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI