Oxeye warns of SSRF Vulnerability in Owncast, SQL Injection Flaws in EaseProbe


Oxeye, a renowned provider of cloud-native application security platforms, has recently disclosed two significant security vulnerabilities affecting widely used open-source platforms. The vulnerabilities, discovered by Oxeye‘s advanced AppSec Platform, require immediate attention to mitigate potential risks.

This article delves into the details of these vulnerabilities and highlights the recommended actions to ensure the security of affected applications.

Owncast Vulnerability

One of the vulnerabilities (CVE-2023-3188) was found in Owncast, a popular open-source, self-hosted live video streaming and chat server. Oxeye’s security researchers identified an Unauthenticated Blind Server-Side Request Forgery (SSRF) flaw that allows unauthenticated attackers to exploit the Owncast server by manipulating it to send HTTP requests to arbitrary locations.

By specifying URL paths and query parameters, attackers can potentially compromise the Owncast server’s security. The severity of this vulnerability, rated at 8.3/10 by CNA CVSS, underscores the urgency for remediation.

Upon careful analysis, Oxeye Security determined that the vulnerable code lies within Owncast’s GetWebfingerLinks function. Specifically, the issue resides in the parsing of user-controlled input passed through the “account” parameter, which is then treated as a URL. The vulnerability enables unauthorized SSRF attacks, posing a serious threat to the application’s security.

To address this critical SSRF vulnerability, Oxeye Security recommends implementing measures such as prohibiting the Owncast server’s HTTP client from following HTTP redirections. Additionally, restricting the vulnerable endpoint to only authenticated users would effectively minimize the risk of unauthorized access.

EaseProbe Vulnerability

Oxeye has also uncovered multiple SQL injection vulnerabilities in EaseProbe, a lightweight and standalone health/status checking tool. These vulnerabilities, classified as Config-Based SQL-Injection, present significant security risks to EaseProbe users. With a critical NIST CVSS security score of 9.8/10 (CVE-2023-33967), these vulnerabilities demand immediate attention.

An in-depth evaluation conducted by Oxeye Security using their custom SAST solution for Golang applications revealed that the vulnerable code resides within the MySQL and Postgres database client code of EaseProbe (1, 2).

Exploiting these vulnerabilities allows attackers with control over EaseProbe’s configuration to read, modify, or delete data within the configured databases. In certain circumstances, attackers can even execute arbitrary system commands on the database server.

By demonstrating a practical exploitation scenario on a Postgres database, Oxeye Security highlighted the risks associated with these vulnerabilities. The injection of a malicious command via unsafely formatted database queries enabled the successful execution of arbitrary system commands.

To mitigate the risks associated with SQL injection attacks, Oxeye Security advises implementing proper input sanitization techniques such as prepared statements and parameterized queries. Regularly updating and patching the application is also crucial to address any known vulnerabilities effectively.

Collaborative Resolution Efforts

Oxeye Security has promptly notified the development teams behind Owncast and EaseProbe, providing comprehensive details of the vulnerabilities and recommended remediation steps. By working closely with the respective teams, Oxeye aims to expedite the resolution process and safeguard the affected communities.

It is worth noting that the EaseProbe team has already addressed these vulnerabilities in version 2.1.0, and users are encouraged to update their installations accordingly.

  1. Apple Issues Device Updates to Patch Critical Vulnerability
  2. Vulnerability Revealed OpenSea NFT Market Users’ Identities
  3. Zimbra email platform vulnerability exploited to steal EU emails
  4. Critical RCE Vulnerability Puts 330,000 Fortinet Firewalls at Risk
  5. Bing.com Vulnerability allowed Takeover, Search Result Manipulation



Source link