FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time-of-check/time-of-use (TOCTOU) issue. For example, with a custom server that returns 200 on HEAD requests, a valid image on the first GET request, and a 302 redirect to the final target on the second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability.
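Added example (not FoodCoopShop's code): the check-then-use image copy described above, modelled against a stand-in origin whose answers change between requests, beside a single-fetch version that refuses redirects and non-public hosts and keeps only the bytes it validated. All hostnames, addresses and contents are constructed for the demo.

```python
import ipaddress
from urllib.parse import urlparse

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Constructed demo network (hypothetical names, addresses and content):
# an external host the manufacturer controls and an internal-only host.
INTERNAL = "http://10.0.0.5/admin/config"
RESPONSES = {INTERNAL: (200, {"Content-Type": "text/plain"}, b"db_password=hunter2")}
DNS = {"cdn.example": "1.2.3.4", "10.0.0.5": "10.0.0.5"}   # stand-in resolver table

class FlipFlopOrigin:
    """Stand-in for the server described above: HEAD 200, first GET a real
    image, every later GET a 302 to the internal target."""
    def __init__(self, url, redirect_to):
        self.url, self.redirect_to, self.gets = url, redirect_to, 0
    def __call__(self, method, url):
        if url != self.url:                       # anything else: the rest of the network
            return RESPONSES.get(url, (404, {}, b""))
        if method == "HEAD":
            return 200, {"Content-Type": "image/png"}, b""
        self.gets += 1
        if self.gets == 1:
            return 200, {"Content-Type": "image/png"}, PNG_MAGIC + b"\0" * 16
        return 302, {"Location": self.redirect_to}, b""

def copy_image_vulnerable(send, url):
    """Check-then-use: validates one response, then stores whatever a later one returns."""
    status, hdrs, _ = send("HEAD", url)
    if status != 200 or not hdrs.get("Content-Type", "").startswith("image/"):
        return None
    if not send("GET", url)[2].startswith(PNG_MAGIC):   # first GET: looks like an image
        return None
    status, hdrs, body = send("GET", url)               # second GET: fetched again to copy
    if status == 302:                                   # redirect followed, nothing re-checked
        status, hdrs, body = send("GET", hdrs["Location"])
    return body if status == 200 else None

def copy_image_hardened(send, url, resolve=DNS.get):
    """Fetch once, refuse redirects and non-public hosts, keep only the bytes you validated."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return None
    addr = resolve(parsed.hostname)
    if addr is None or not ipaddress.ip_address(addr).is_global:
        return None                                     # private/loopback/link-local: never fetched
    status, hdrs, body = send("GET", url)               # one request, redirects not followed
    if status != 200 or not body.startswith(PNG_MAGIC):
        return None                                     # a 302 or non-image body is rejected
    return body                                         # validated bytes are the stored bytes
```

In a real client the address check and the connection share the same TOCTOU shape (DNS rebinding), so connect to the address you checked rather than re-resolving the hostname.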
History
09 Nov 2023, 21:16
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.5 |
CWE | | CWE-367 |
CPE | | cpe:2.3:a:foodcoopshop:foodcoopshop:*:*:*:*:*:*:*:* |
First Time | | Foodcoopshop; Foodcoopshop foodcoopshop |
References | | (MISC) https://pastebin.com/8K5Brwbq - Not Applicable |
References | | (MISC) https://github.com/foodcoopshop/foodcoopshop/commit/0d5bec5c4c22e1affe7fd321a30e3f3a4d99e808 - Patch |
References | | (MISC) https://github.com/foodcoopshop/foodcoopshop/pull/972 - Patch |
References | | (MISC) https://github.com/foodcoopshop/foodcoopshop/security/advisories/GHSA-jhww-fx2j-3rf7 - Vendor Advisory |
06 Nov 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | | FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time of check time of use issue. For example, by using a custom server that returns 200 on HEAD requests, then return a valid image on first GET request and then a 302 redirect to final target on second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability. |
02 Nov 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2023-11-02 15:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-46725
Mitre link : CVE-2023-46725
CVE.ORG link : CVE-2023-46725
Products Affected
foodcoopshop
- foodcoopshop