CVE-2023-46725
Summary
| Field | Value |
|---|---|
| CVE | CVE-2023-46725 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-11-02 15:15:00 UTC |
| Updated | 2023-11-09 21:16:00 UTC |
| Description | FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery (SSRF). In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host, so the server can be used as a proxy into the internal network it sits in. Furthermore, the checks for a valid image are not adequate, leading to a time-of-check/time-of-use (TOCTOU) issue: a custom server that returns 200 on HEAD requests, a valid image on the first GET request and a 302 redirect to the final target on the second GET request causes the server to copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability. |
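The check-then-copy sequence the description outlines, as an added example that is not part of this page or of the FoodCoopShop code base: an in-memory stand-in for the attacker's host and for an internal host (the hostnames `attacker.test` and `intranet.test`, their addresses, the image bytes and the "secret" document are all constructed), a `vulnerable_copy` that mirrors the HEAD / GET / GET flow the advisory describes, and a `hardened_copy` that fetches once, refuses redirects, pins the destination to a globally routable address and validates exactly the bytes it returns. The hardened logic is a generic pattern for remote-file fetches, not the project's 3.6.1 fix.

```python
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed inputs: a minimal "valid" PNG prefix and the internal file the
# SSRF would leak. Neither comes from the advisory.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
FAKE_PNG = PNG_MAGIC + b"\x00" * 16
INTERNAL_SECRET = b"internal-only document"


@dataclass
class Response:
    status: int
    headers: dict
    body: bytes = b""


@dataclass
class AttackerHost:
    """Stand-in for the custom server the advisory describes: 200 on HEAD,
    a real image on the first GET, a 302 to the final target on the second."""
    redirect_to: str
    gets: int = 0

    def handle(self, method):
        if method == "HEAD":
            return Response(200, {"Content-Type": "image/png"})
        self.gets += 1
        if self.gets == 1:
            return Response(200, {"Content-Type": "image/png"}, FAKE_PNG)
        return Response(302, {"Location": self.redirect_to})


class InternalHost:
    """Stand-in for a host only reachable from the application server."""
    def handle(self, method):
        return Response(200, {"Content-Type": "text/plain"}, INTERNAL_SECRET)


@dataclass
class FakeNetwork:
    """hostname -> (resolved IP, handler): replaces DNS and HTTP offline."""
    hosts: dict = field(default_factory=dict)

    def resolve(self, hostname):
        return self.hosts[hostname][0]

    def request(self, method, url, follow_redirects, max_hops=5):
        for _ in range(max_hops):
            resp = self.hosts[urlparse(url).hostname][1].handle(method)
            if follow_redirects and resp.status in (301, 302, 307, 308):
                url = resp.headers["Location"]
                continue
            return resp
        raise RuntimeError("too many redirects")


def vulnerable_copy(net, url):
    """Check-then-use as described: HEAD, a GET whose body is validated, then
    a second GET (redirects followed) whose bytes are copied unvalidated."""
    if net.request("HEAD", url, follow_redirects=True).status != 200:
        return None
    probe = net.request("GET", url, follow_redirects=True)
    if not probe.body.startswith(PNG_MAGIC):
        return None
    return net.request("GET", url, follow_redirects=True).body


def is_public_ip(ip_str):
    """True only for globally routable addresses (rejects RFC 1918, loopback,
    link-local, CGNAT, documentation and reserved ranges)."""
    return ipaddress.ip_address(ip_str).is_global


def hardened_copy(net, url):
    """One GET, no redirects, destination pinned to a public IP, and the
    bytes that were validated are the bytes returned."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return None
    # In production: resolve once with socket.getaddrinfo, check every
    # returned address, and connect to that pinned IP (defeats DNS rebinding).
    if not is_public_ip(net.resolve(parsed.hostname)):
        return None
    resp = net.request("GET", url, follow_redirects=False)
    if resp.status != 200 or not resp.body.startswith(PNG_MAGIC):
        return None
    return resp.body


def build_lab():
    """Constructed lab; 1.2.3.4 stands in for an ordinary public address."""
    net = FakeNetwork()
    net.hosts["intranet.test"] = ("10.0.0.5", InternalHost())
    net.hosts["attacker.test"] = ("1.2.3.4",
                                  AttackerHost("http://intranet.test/secret"))
    return net


if __name__ == "__main__":
    print(vulnerable_copy(build_lab(), "http://attacker.test/p.png"))
    print(hardened_copy(build_lab(), "http://attacker.test/p.png"))
```

Against the same attacker host, `vulnerable_copy` returns the internal document because the only request whose bytes are stored is the one that was never checked, while `hardened_copy` returns the image it validated and, on the attacker's second attempt, sees the 302 and refuses it. If redirects must be supported, the address check has to run again on every hop, and the hop count has to be bounded; the `net.resolve` call is the point where a real implementation would pin the resolved IP so that a rebinding DNS answer cannot swap the target between check and connect.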
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Remotefile security fix by mrothauer · Pull Request #972 · foodcoopshop/foodcoopshop · GitHub | MISC | github.com | |
| Merge pull request #972 from foodcoopshop/remotefile · foodcoopshop/foodcoopshop@0d5bec5 · GitHub | MISC | github.com | |
| Potential SSRF vulnerability · Advisory · foodcoopshop/foodcoopshop · GitHub | MISC | github.com | |
| example - Pastebin.com | MISC | pastebin.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 995809 PHP (Composer) Security Update for foodcoopshop/foodcoopshop (GHSA-jhww-fx2j-3rf7)