Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-24856 PoC — FlyteConsole 代码问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-24856.yaml
Associated Vulnerability
Title:FlyteConsole 代码问题漏洞 (CVE-2022-24856)
Description:FlyteConsole是Flyte的控制台组件。 FlyteConsole 0.52.0 之前版本存在代码问题漏洞,该漏洞源于容易受到服务器端请求伪造 (SSRF) 的攻击。攻击者可以利用易受攻击实例的任何用户访问内部元数据服务器或其他未经身份验证的 URL。
Description
FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur.
File Snapshot

 id: CVE-2022-24856

info:
  name: Flyte Console <0.52.0 - Server-Side Request Forgery
  author: pdte

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.