CVE-2023-27160
Description
forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Forem up to v2022.11.11 is vulnerable to SSRF via a crafted POST request to /articles/{id}, allowing an attacker to access internal network resources and sensitive information.
Vulnerability
A Server-Side Request Forgery (SSRF) vulnerability exists in Forem up to version v2022.11.11. The bug resides in the /articles/{id} component, where an unauthenticated POST request with a crafted main_image parameter can be used to trick the server into making requests to arbitrary URLs. Affected versions: Forem ≤ v2022.11.11 [2].
Exploitation
An attacker must be able to send a POST request to the /articles/{id} endpoint with a malicious main_image parameter pointing to an internal or external target. No prior authentication or special privileges are required. The server will subsequently fetch the URL, allowing the attacker to use the server as a proxy [2][3].
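An added example, not Forem's code or its fix: a Ruby guard of the kind a server-side fetcher needs before retrieving a user-supplied image URL such as main_image. It rejects non-HTTP schemes, embedded credentials, and any host that resolves to a loopback, private, link-local (cloud metadata) or carrier-grade NAT address. The function name, the injectable resolver hook and the sample addresses are assumptions.

```ruby
require "ipaddr"
require "resolv"
require "uri"

# Address ranges a server-side fetcher should never be sent to:
# loopback, RFC 1918, link-local (cloud metadata lives at 169.254.169.254),
# carrier-grade NAT, and their IPv6 counterparts.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::1/128 fc00::/7 fe80::/10 ::ffff:0:0/96
].map { |cidr| IPAddr.new(cidr) }

ALLOWED_SCHEMES = %w[http https].freeze

# Returns [true, nil] if raw_url is safe to fetch, else [false, reason].
# `resolver` maps a hostname to its address strings; it is injectable so
# the check can run without network access. Hypothetical helper, not Forem's.
def safe_image_url?(raw_url, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = begin
    URI.parse(raw_url.to_s)
  rescue URI::InvalidURIError
    return [false, "unparseable URL"]
  end
  return [false, "scheme not allowed"] unless ALLOWED_SCHEMES.include?(uri.scheme)
  host = uri.hostname
  return [false, "missing host"] if host.nil? || host.empty?
  return [false, "credentials in URL"] if uri.userinfo

  # A literal IP is used as-is; a hostname is resolved, because an attacker
  # who controls DNS for a public-looking name can point it at 10.0.0.0/8.
  addresses = begin
    [IPAddr.new(host).to_s]
  rescue IPAddr::InvalidAddressError
    resolver.call(host)
  end
  return [false, "hostname does not resolve"] if addresses.empty?

  addresses.each do |addr|
    ip = IPAddr.new(addr)
    if BLOCKED_RANGES.any? { |range| range.include?(ip) }
      return [false, "resolves to non-public address #{addr}"]
    end
  end
  # The fetcher must apply this check again on every redirect it follows,
  # and should connect to the vetted address rather than re-resolving.
  [true, nil]
end
```

Resolving once and then letting the HTTP client resolve again leaves a DNS rebinding window, which is why the comment insists on connecting to the address that was checked.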
Impact
Successful exploitation enables an attacker to access internal network resources and sensitive information that are normally inaccessible from the internet. This can include but is not limited to internal HTTP services, cloud metadata endpoints, or any HTTP-accessible resource on the server's network [1][3].
Mitigation
The vulnerability is fixed in Forem versions after v2022.11.11. Users should upgrade to the latest version. No known workaround is documented. This CVE is not listed in the Known Exploited Vulnerabilities catalog [1][2].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
forem/forem
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (3)
News mentions (0)
No linked articles in our index yet.