Server Side Request Forgery vulnerability fix (powered by Mobb)#23

Open

eitanMobb wants to merge 1 commit into main from Mobb-fix-c3c14

Conversation

@eitanMobb (Owner)

This change fixes a medium severity (🟡) Server Side Request Forgery issue reported by Checkmarx.

Issue description

Server-Side Request Forgery (SSRF) allows attackers to make unauthorized requests from a vulnerable server, potentially accessing internal systems, services, or data.

Fix instructions

Validate or sanitize user-supplied URLs, ensuring that they are restricted to trusted domains. Implementing proper input validation and using whitelists for acceptable URLs can prevent SSRF attacks.

More info and fix customization are available in the Mobb platform
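The allowlist validation the fix instructions call for, written out as an added Java example (not Mobb's generated patch and not WebGoat's own SSRFTask2 code); TrustedUrlValidator, the trusted.example host and the TRUSTED_HOSTS set are placeholders chosen here.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

/** Allowlist gate for a user-supplied URL, applied before the server fetches it. */
public final class TrustedUrlValidator {

    // Placeholder allowlist (assumption): only these exact hosts may be fetched server-side.
    private static final Set<String> TRUSTED_HOSTS = Set.of("trusted.example");
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");

    /**
     * Returns true only when the URL parses, uses http or https, carries no
     * userinfo, and its host is exactly one of the trusted hosts. Relative
     * paths, other schemes, subdomains and look-alike hosts are all rejected.
     */
    public static boolean isTrusted(String rawUrl) {
        if (rawUrl == null || rawUrl.isBlank()) {
            return false;
        }
        final URI uri;
        try {
            uri = new URI(rawUrl).normalize();
        } catch (URISyntaxException e) {
            return false;                      // unparsable input is never trusted
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || host == null || uri.getRawUserInfo() != null) {
            return false;                      // missing scheme/host, or user@host ambiguity
        }
        if (!ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))) {
            return false;
        }
        // Exact, case-insensitive match; no suffix or substring matching.
        return TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        for (String candidate : new String[] {
                "http://trusted.example/api",              // exact trusted host
                "https://trusted.example.other.example/",  // look-alike host
                "file:///etc/hostname",                    // non-http scheme
                "/relative/path"}) {                       // no host at all
            System.out.println(candidate + " -> " + isTrusted(candidate));
        }
    }
}
```

Pair the check with an HTTP client that does not follow redirects, so a trusted host cannot forward the server's fetch elsewhere.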

@eitanMobb (Owner, Author)

Checkmarx One – Scan Summary & Details (b6b56f11-1615-4b45-9a2e-c594a11ffcbd)

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| CRITICAL | CVE-2013-7285 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| CRITICAL | CVE-2021-21342 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| CRITICAL | CVE-2021-21344 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| CRITICAL | CVE-2021-21345 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| CRITICAL | CVE-2021-21346 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| CRITICAL | CVE-2021-21347 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| CRITICAL | CVE-2021-21350 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| CRITICAL | CVE-2021-21351 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| CRITICAL | CVE-2022-1471 | Maven-org.yaml:snakeyaml-1.33 | Vulnerable Package |
| CRITICAL | CVE-2024-31573 | Maven-org.xmlunit:xmlunit-core-2.9.1 | Vulnerable Package |
| HIGH | CVE-2016-10707 | Npm-jquery-2.1.4 | Vulnerable Package |
| HIGH | CVE-2016-10707 | Npm-jquery-1.10.2 | Vulnerable Package |
| HIGH | CVE-2016-3674 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2017-7957 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2020-26217 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2020-26258 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-21341 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-21343 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-21348 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-21349 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-29505 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-39139 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-39141 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-39144 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-39145 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-39146 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-39147 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-39148 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-39149 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-39150 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-39151 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-39152 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-39153 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-39154 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2021-43859 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2022-40151 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2022-40152 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2022-41966 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| HIGH | CVE-2023-24998 | Maven-commons-fileupload:commons-fileupload-1.4 | Vulnerable Package |
| HIGH | CVE-2023-34053 | Maven-org.springframework:spring-web-6.0.13 | Vulnerable Package |
| HIGH | CVE-2023-38286 | Maven-org.thymeleaf:thymeleaf-3.1.1.RELEASE | Vulnerable Package |
| HIGH | CVE-2023-51775 | Maven-org.bitbucket.b_c:jose4j-0.9.3 | Vulnerable Package |
| HIGH | CVE-2023-52428 | Maven-com.nimbusds:nimbus-jose-jwt-9.24.4 | Vulnerable Package |
| HIGH | CVE-2023-5379 | Maven-io.undertow:undertow-core-2.3.10.Final | Vulnerable Package |
| HIGH | CVE-2023-5685 | Maven-org.jboss.xnio:xnio-api-3.8.8.Final | Vulnerable Package |
| HIGH | CVE-2023-6378 | Maven-ch.qos.logback:logback-classic-1.4.11 | Vulnerable Package |
| HIGH | CVE-2023-6378 | Maven-ch.qos.logback:logback-core-1.4.11 | Vulnerable Package |
| HIGH | CVE-2023-6481 | Maven-ch.qos.logback:logback-core-1.4.11 | Vulnerable Package |
| HIGH | CVE-2024-22201 | Maven-org.eclipse.jetty.http2:http2-common-11.0.17 | Vulnerable Package |
| HIGH | CVE-2024-22234 | Maven-org.springframework.security:spring-security-web-6.1.5 | Vulnerable Package |
| HIGH | CVE-2024-22234 | Maven-org.springframework.security:spring-security-oauth2-client-6.1.5 | Vulnerable Package |
| HIGH | CVE-2024-22234 | Maven-org.springframework.security:spring-security-core-6.1.5 | Vulnerable Package |
| HIGH | CVE-2024-22243 | Maven-org.springframework:spring-web-6.0.13 | Vulnerable Package |
| HIGH | CVE-2024-22257 | Maven-org.springframework.security:spring-security-core-6.1.5 | Vulnerable Package |
| HIGH | CVE-2024-22259 | Maven-org.springframework:spring-web-6.0.13 | Vulnerable Package |
| HIGH | CVE-2024-22262 | Maven-org.springframework:spring-web-6.0.13 | Vulnerable Package |
| HIGH | CVE-2024-5971 | Maven-io.undertow:undertow-core-2.3.10.Final | Vulnerable Package |
| HIGH | CVE-2024-6162 | Maven-io.undertow:undertow-core-2.3.10.Final | Vulnerable Package |
| HIGH | CVE-2024-7885 | Maven-io.undertow:undertow-core-2.3.10.Final | Vulnerable Package |
| HIGH | Missing User Instruction | /Dockerfile_desktop: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile_desktop: 1 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile_desktop: 1 | When installing a package, its pin version should be defined |
| MEDIUM | CVE-2015-9251 | Npm-jquery-1.10.2 | Vulnerable Package |
| MEDIUM | CVE-2015-9251 | Npm-jquery-2.1.4 | Vulnerable Package |
| MEDIUM | CVE-2016-7103 | Npm-jquery-ui-1.10.4 | Vulnerable Package |
| MEDIUM | CVE-2019-11358 | Npm-jquery-1.10.2 | Vulnerable Package |
| MEDIUM | CVE-2019-11358 | Npm-jquery-2.1.4 | Vulnerable Package |
| MEDIUM | CVE-2020-11022 | Npm-jquery-3.4.1 | Vulnerable Package |
| MEDIUM | CVE-2020-11022 | Npm-jquery-1.10.2 | Vulnerable Package |
| MEDIUM | CVE-2020-11022 | Npm-jquery-2.1.4 | Vulnerable Package |
| MEDIUM | CVE-2020-11023 | Npm-jquery-3.4.1 | Vulnerable Package |
| MEDIUM | CVE-2020-11023 | Npm-jquery-1.10.2 | Vulnerable Package |
| MEDIUM | CVE-2020-11023 | Npm-jquery-2.1.4 | Vulnerable Package |
| MEDIUM | CVE-2020-26259 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| MEDIUM | CVE-2021-39140 | Maven-com.thoughtworks.xstream:xstream-1.4.5 | Vulnerable Package |
| MEDIUM | CVE-2021-41182 | Npm-jquery-ui-1.10.4 | Vulnerable Package |
| MEDIUM | CVE-2021-41183 | Npm-jquery-ui-1.10.4 | Vulnerable Package |
| MEDIUM | CVE-2021-41184 | Npm-jquery-ui-1.10.4 | Vulnerable Package |
| MEDIUM | CVE-2022-31160 | Npm-jquery-ui-1.10.4 | Vulnerable Package |
| MEDIUM | CVE-2023-34055 | Maven-org.springframework.boot:spring-boot-3.1.5 | Vulnerable Package |
| MEDIUM | CVE-2023-41329 | Maven-com.github.tomakehurst:wiremock-3.0.0-beta-2 | Vulnerable Package |
| MEDIUM | CVE-2023-51074 | Maven-com.jayway.jsonpath:json-path-2.8.0 | Vulnerable Package |
| MEDIUM | CVE-2024-1459 | Maven-io.undertow:undertow-core-2.3.10.Final | Vulnerable Package |
| MEDIUM | CVE-2024-3653 | Maven-io.undertow:undertow-core-2.3.10.Final | Vulnerable Package |
| MEDIUM | CVE-2024-3653 | Maven-io.undertow:undertow-servlet-2.3.10.Final | Vulnerable Package |
| MEDIUM | CVE-2024-6531 | Maven-org.webjars:bootstrap-5.3.2 | Vulnerable Package |
| MEDIUM | Cxf0b588a3-5c6f | Npm-jquery-2.1.4 | Vulnerable Package |
| MEDIUM | Cxf0b588a3-5c6f | Npm-jquery-1.10.2 | Vulnerable Package |
| MEDIUM | SSRF | /src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java: 44 | Attack Vector |
| LOW | Chown Flag Exists | /Dockerfile: 12 | It is considered a best practice for every executable in a container to be owned by the root user even if it is executed by a non-root user, only e... |
| LOW | Healthcheck Instruction Missing | /Dockerfile_desktop: 1 | Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working |
| LOW | Healthcheck Instruction Missing | /Dockerfile: 1 | Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working |
| LOW | Unpinned Actions Full Length Commit SHA | /pre-commit.yaml: 26 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| LOW | Unpinned Actions Full Length Commit SHA | /test.yml: 45 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| LOW | Unpinned Actions Full Length Commit SHA | /release.yml: 82 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| LOW | Unpinned Actions Full Length Commit SHA | /release.yml: 104 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| LOW | Unpinned Actions Full Length Commit SHA | /test.yml: 64 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| LOW | Unpinned Actions Full Length Commit SHA | /test.yml: 56 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| LOW | Unpinned Actions Full Length Commit SHA | /release.yml: 43 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| LOW | Unpinned Actions Full Length Commit SHA | /release.yml: 91 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| LOW | Unpinned Actions Full Length Commit SHA | /release.yml: 145 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| LOW | Unpinned Actions Full Length Commit SHA | /pre-commit.yaml: 28 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| LOW | Unpinned Actions Full Length Commit SHA | /release.yml: 77 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| LOW | Unpinned Actions Full Length Commit SHA | /release.yml: 85 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| LOW | Unpinned Actions Full Length Commit SHA | /release.yml: 137 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |

Fixed Issues

| Severity | Issue | Source File / Package |
|---|---|---|
| MEDIUM | SSRF | /src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java: 44 |
| MEDIUM | SSRF | /src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java: 44 |
| MEDIUM | SSRF | /src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java: 44 |
| MEDIUM | SSRF | /src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java: 44 |
