CVE-2023-46725

{"id": "CVE-2023-46725", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2023-11-02T15:15:08.847", "references": [{"url": "https://github.com/foodcoopshop/foodcoopshop/commit/0d5bec5c4c22e1affe7fd321a30e3f3a4d99e808", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/foodcoopshop/foodcoopshop/pull/972", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/foodcoopshop/foodcoopshop/security/advisories/GHSA-jhww-fx2j-3rf7", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://pastebin.com/8K5Brwbq", "tags": ["Not Applicable"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-367"}, {"lang": "en", "value": "CWE-918"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time of check time of use issue. For example, by using a custom server that returns 200 on HEAD requests, then return a valid image on first GET request and then a 302 redirect to final target on second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability."}, {"lang": "es", "value": "FoodCoopShop es un software de c\u00f3digo abierto para cooperativas de alimentos y tiendas locales. Las versiones que comienzan con 3.2.0 anteriores a 3.6.1 son vulnerables a server-side request forgery. En el m\u00f3dulo de Network, una cuenta de fabricante puede usar el endpoint `/api/updateProducts.json` para hacer que el servidor env\u00ede una solicitud a un host arbitrario. Esto significa que el servidor se puede utilizar como proxy en la red interna donde se encuentra el servidor. Adem\u00e1s, las comprobaciones de una imagen v\u00e1lida no son adecuadas, lo que genera un problema de tiempo de verificaci\u00f3n de uso. Por ejemplo, al usar un servidor personalizado que devuelve 200 en solicitudes HEAD, luego devuelve una imagen v\u00e1lida en la primera solicitud GET y luego una redirecci\u00f3n 302 al destino final en la segunda solicitud GET, el servidor copiar\u00e1 cualquier archivo que est\u00e9 en el destino de la redirecci\u00f3n, haciendo Esta es una SSRF completa. La versi\u00f3n 3.6.1 corrige esta vulnerabilidad."}], "lastModified": "2023-11-09T21:16:04.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:foodcoopshop:foodcoopshop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F749AE9-CD3D-408F-ADA7-47D384325618", "versionEndIncluding": "3.6.0", "versionStartIncluding": "3.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}