Arcane Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET request to that URL without authentication and without URL scheme or host validation. The server's response is returned directly to the caller. type. This constitutes an unauthenticated SSRF vulnerability affecting any publicly reachable Arcane instance. This vulnerability is fixed in 1.17.3.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

服务端请求伪造(SSRF)

arcane 代码问题漏洞

arcane是Arcane开源的一个Docker管理软件。 Arcane 1.17.3之前版本存在代码问题漏洞，该漏洞源于/api/templates/fetch端点接受调用者提供的url参数并进行无身份验证、无URL方案或主机验证的服务端HTTP GET请求，可能导致未经验证的服务端请求伪造。

N/A

N/A