Impact
Emissary is vulnerable to Server-Side Request Forgery (SSRF)
The RegisterPeerAction endpoint is vulnerable to Server-Side Request Forgery (SSRF). A POST request to the /RegisterPeer.action endpoint will trigger additional requests to hosts controlled by the attacker.

Some of the forged requests are non-authenticated requests sent to the /emissary/Heartbeat.action endpoint on the attacker server. However, some others are authenticated requests sent to the /emissary/RegisterPeer.action endpoint on the attacker-controlled server.

Similarly, the AddChildDirectoryAction endpoint is vulnerable to Server-Side Request Forgery (SSRF). A POST request to the /AddChildDirectory.action endpoint will trigger additional requests to hosts controlled by the attacker.

This vulnerability may lead to a credential leak.
Patches
Has the problem been patched? What versions should users upgrade to?
Workarounds
Disable network access to Emissary from untrusted sources.
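One way to verify that the workaround holds is to audit access logs for POST requests to the two affected endpoints that come from outside the trusted network. The following is an added example, not part of the advisory or the Emissary code base; it assumes NCSA common/combined-format access logs, and the trusted ranges and sample lines are constructed.

```python
import ipaddress
import re

# Endpoints named in the advisory; matched with or without a path prefix.
SSRF_ENDPOINTS = {"/RegisterPeer.action", "/AddChildDirectory.action"}

# Assumption: legitimate cluster peers live in these ranges (constructed values).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "127.0.0.0/8")]

# Assumption: access logs use the NCSA common/combined layout.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_trusted(ip_text):
    """True only if the client address parses and falls in a trusted range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable client field is treated as untrusted
    return any(ip in net for net in TRUSTED_NETS)

def audit(lines):
    """Return (timestamp, client, path, status) for each POST to an affected
    endpoint that came from outside the trusted ranges."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # skip malformed lines and non-POST requests
        path = m["target"].split("?", 1)[0]          # drop any query string
        last_segment = "/" + path.rsplit("/", 1)[-1]  # e.g. /RegisterPeer.action
        if last_segment in SSRF_ENDPOINTS and not is_trusted(m["ip"]):
            findings.append((m["ts"], m["ip"], path, int(m["status"])))
    return findings

# Constructed sample log lines (not taken from a real deployment).
SAMPLE = [
    '10.20.0.5 - - [01/Jan/2024:10:00:01 +0000] "POST /emissary/RegisterPeer.action HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:02:13 +0000] "POST /emissary/RegisterPeer.action HTTP/1.1" 200 498',
    '203.0.113.7 - - [01/Jan/2024:10:02:14 +0000] "POST /emissary/AddChildDirectory.action?x=1 HTTP/1.1" 500 0',
    '198.51.100.9 - - [01/Jan/2024:10:03:00 +0000] "GET /emissary/Heartbeat.action HTTP/1.1" 200 64',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for ts, client, path, status in audit(SAMPLE):
        print(f"{ts} untrusted POST from {client} to {path} (status {status})")
```

Any finding means the endpoint was reachable from a source that the workaround should have blocked.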
References
- MITRE Common Weakness Enumeration (CWE-918: Server Side Request Forgery)
For more information
If you have any questions or comments about this advisory: