CVE-2023-25753 (GCVE-0-2023-25753)

Vulnerability from cvelistv5 – Published: 2023-10-19 08:35 – Updated: 2024-09-12 20:32
VLAI?
Summary
There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing. This issue affects Apache ShenYu: 2.5.1. Upgrade to Apache ShenYu 2.6.0 or apply patch  https://github.com/apache/shenyu/pull/4776  .
Severity ?
No CVSS data available.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
Vendor Product Version
Apache Software Foundation Apache ShenYu Affected: 0 , ≤ 2.5.1 (maven)
Create a notification for this product.
Credits
by3
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:32:11.718Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/chprswxvb22z35vnoxv9tt3zknsm977d"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25753",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-12T20:32:03.176770Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T20:32:26.867Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache ShenYu",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.5.1",
              "status": "affected",
              "version": "0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "by3"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eThere exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter.\u003c/p\u003e\u003cp\u003eOf particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing.\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eThis issue affects Apache ShenYu: 2.5.1.\u003c/p\u003e\u003cp\u003eUpgrade to Apache ShenYu 2.6.0 or apply patch\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/shenyu/pull/4776\"\u003ehttps://github.com/apache/shenyu/pull/4776\u003c/a\u003e\u0026nbsp;.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\n\n"
            }
          ],
          "value": "\nThere exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter.\n\nOf particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing.\n\nThis issue affects Apache ShenYu: 2.5.1.\n\nUpgrade to Apache ShenYu 2.6.0 or apply patch\u00a0 https://github.com/apache/shenyu/pull/4776 \u00a0.\n\n"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-19T08:35:31.452Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/chprswxvb22z35vnoxv9tt3zknsm977d"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Server-Side Request Forgery in Apache ShenYu",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-25753",
    "datePublished": "2023-10-19T08:35:24.075Z",
    "dateReserved": "2023-02-13T14:14:30.512Z",
    "dateUpdated": "2024-09-12T20:32:26.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:shenyu:2.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FF6FCF7-9CEF-4E24-B669-256B1C825361\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"\\nThere exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter.\\n\\nOf particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing.\\n\\nThis issue affects Apache ShenYu: 2.5.1.\\n\\nUpgrade to Apache ShenYu 2.6.0 or apply patch\\u00a0 https://github.com/apache/shenyu/pull/4776 \\u00a0.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad SSRF (falsificaci\\u00f3n de solicitudes del lado del servidor) ubicada en el endpoint /sandbox/proxyGateway. Esta vulnerabilidad nos permite manipular solicitudes arbitrarias y recuperar las respuestas correspondientes ingresando cualquier URL en el par\\u00e1metro requestUrl. De particular preocupaci\\u00f3n es nuestra capacidad para ejercer control sobre el m\\u00e9todo HTTP, las cookies, la direcci\\u00f3n IP y los encabezados. Esto efectivamente nos otorga la capacidad de enviar solicitudes HTTP completas a los hosts de nuestra elecci\\u00f3n. Este problema afecta a Apache ShenYu: 2.5.1. Actualice a Apache ShenYu 2.6.0 o aplique el parche https://github.com/apache/shenyu/pull/4776\"}]",
      "id": "CVE-2023-25753",
      "lastModified": "2024-11-21T07:50:04.903",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}]}",
      "published": "2023-10-19T09:15:08.480",
      "references": "[{\"url\": \"https://lists.apache.org/thread/chprswxvb22z35vnoxv9tt3zknsm977d\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/chprswxvb22z35vnoxv9tt3zknsm977d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-918\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-918\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-25753\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-10-19T09:15:08.480\",\"lastModified\":\"2024-11-21T07:50:04.903\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nThere exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter.\\n\\nOf particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing.\\n\\nThis issue affects Apache ShenYu: 2.5.1.\\n\\nUpgrade to Apache ShenYu 2.6.0 or apply patch\u00a0 https://github.com/apache/shenyu/pull/4776 \u00a0.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad SSRF (falsificaci\u00f3n de solicitudes del lado del servidor) ubicada en el endpoint /sandbox/proxyGateway. Esta vulnerabilidad nos permite manipular solicitudes arbitrarias y recuperar las respuestas correspondientes ingresando cualquier URL en el par\u00e1metro requestUrl. De particular preocupaci\u00f3n es nuestra capacidad para ejercer control sobre el m\u00e9todo HTTP, las cookies, la direcci\u00f3n IP y los encabezados. Esto efectivamente nos otorga la capacidad de enviar solicitudes HTTP completas a los hosts de nuestra elecci\u00f3n. Este problema afecta a Apache ShenYu: 2.5.1. Actualice a Apache ShenYu 2.6.0 o aplique el parche https://github.com/apache/shenyu/pull/4776\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:shenyu:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FF6FCF7-9CEF-4E24-B669-256B1C825361\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/chprswxvb22z35vnoxv9tt3zknsm977d\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/chprswxvb22z35vnoxv9tt3zknsm977d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/chprswxvb22z35vnoxv9tt3zknsm977d\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T11:32:11.718Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-25753\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-12T20:32:03.176770Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-12T20:32:22.716Z\"}}], \"cna\": {\"title\": \"Server-Side Request Forgery in Apache ShenYu\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"by3\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache ShenYu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"maven\", \"lessThanOrEqual\": \"2.5.1\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/chprswxvb22z35vnoxv9tt3zknsm977d\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nThere exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter.\\n\\nOf particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing.\\n\\nThis issue affects Apache ShenYu: 2.5.1.\\n\\nUpgrade to Apache ShenYu 2.6.0 or apply patch\\u00a0 https://github.com/apache/shenyu/pull/4776 \\u00a0.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cp\u003eThere exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter.\u003c/p\u003e\u003cp\u003eOf particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing.\u003c/p\u003e\u003cp\u003e\\n\\n\u003c/p\u003e\u003cp\u003eThis issue affects Apache ShenYu: 2.5.1.\u003c/p\u003e\u003cp\u003eUpgrade to Apache ShenYu 2.6.0 or apply patch\u0026nbsp;\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://github.com/apache/shenyu/pull/4776\\\"\u003ehttps://github.com/apache/shenyu/pull/4776\u003c/a\u003e\u0026nbsp;.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2023-10-19T08:35:31.452Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-25753\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-12T20:32:26.867Z\", \"dateReserved\": \"2023-02-13T14:14:30.512Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2023-10-19T08:35:24.075Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.