Severity: High

kubeflow

SSRF Vulnerability

Kubeflow version 1.7.0 is vulnerable to Server-Side Request Forgery (SSRF): an attacker can use Kubeflow as a proxy to reach internal and external resources. The flaw lies in the handling of the 'namespace' URL parameter. The specific patch version fixing this issue is not mentioned.

Available publicly on Dec 14 2023

CVSS score: 7.7

CVSS:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Credit:

danmcinerney
Remediation Steps
  • Update Kubeflow to a version that patches this SSRF vulnerability.
  • Validate and sanitize all user inputs, especially URL parameters, to prevent malicious requests.
  • Implement strict outbound request policies to limit the destinations to which the server can make requests.
  • Use allowlists for URL parameters that need to make external requests, ensuring only known, safe destinations are accessible.
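As an added illustration of the allowlist step above (example code, not Kubeflow's own; the upstream base URL, the request path and the namespace list are hypothetical, constructed values), this Python check validates the 'namespace' parameter as a Kubernetes DNS-1123 label and then against an allowlist before it is used to build any proxied request, returning a short reason tag that can be written to audit logs:

```python
import re
from urllib.parse import quote, urlsplit

# Kubernetes namespace names must be DNS-1123 labels: lowercase letters, digits
# and '-', 1-63 characters, starting and ending with a letter or digit.
_DNS1123_LABEL = re.compile(r"^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$")

# Hypothetical upstream that the proxy forwards to (not a real Kubeflow endpoint).
UPSTREAM_BASE = "http://upstream.internal.example:8080"

# Constructed allowlist of namespaces this deployment knows about (hypothetical).
KNOWN_NAMESPACES = frozenset({"kubeflow", "kubeflow-user-example-com"})


def check_namespace(value, allowed=KNOWN_NAMESPACES):
    """Return (ok, reason). The reason is a short tag suitable for audit logs."""
    if not isinstance(value, str) or value == "":
        return False, "missing"
    if len(value) > 63:
        return False, "too-long"
    if not _DNS1123_LABEL.match(value):
        # Anything containing '/', '.', ':', '@', '?', '#', uppercase or whitespace
        # lands here, so host, path and query manipulation is rejected before any
        # URL is built from the value.
        return False, "bad-chars"
    if value not in allowed:
        return False, "not-allowlisted"
    return True, "ok"


def build_upstream_url(value, allowed=KNOWN_NAMESPACES, base=UPSTREAM_BASE):
    """Build the proxied URL only from a validated, allowlisted namespace."""
    ok, reason = check_namespace(value, allowed)
    if not ok:
        raise ValueError(f"namespace rejected: {reason}")
    # quote() is redundant after validation; kept as belt and braces.
    url = f"{base}/api/namespaces/{quote(value, safe='')}/resources"
    # Defence in depth: the authority of the built URL must equal the upstream's,
    # so a future change to the path template cannot silently redirect the proxy.
    if urlsplit(url).netloc != urlsplit(base).netloc:
        raise ValueError("upstream host changed")
    return url
```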
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A