
[CVE Request] CWE-918: Unauthenticated Blind Server-Side Request Forgery (SSRF) in Eclipse BaSyx V2

CVE Reservation Request

The Eclipse Foundation is a Common Vulnerabilities and Exposures (CVE) Numbering Authority.

Creating this ticket initiates reservation of a CVE ID for the documented vulnerability. The reserved CVE ID will be posted in a comment below, and kept confidential until explicit publication request.


CVE record information

Project name: Eclipse BaSyx Java Server SDK

Project id: dt.basyx

Versions affected: [0.0.0, 2.0.0-milestone-10)

Common Weakness Enumeration (CWE):

Common Attack Pattern Enumerations and Classifications (CAPEC):

Common Vulnerability Scoring System: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Summary: In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to arbitrary internal or external targets. This allows an attacker to bypass network segmentation and pivot into isolated internal IT/OT infrastructure or target Cloud Metadata services (IMDS).
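The following is an added example, not code from the BaSyx project, showing the kind of destination validation the summary says the Operation Delegation feature lacks: an allowlist of delegation hosts plus a refusal of loopback and link-local ranges (which covers the IMDS endpoint). It is written in Python rather than the SDK's Java, and the allowlist, hostnames and DNS table are constructed so it runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: the only hosts this server may delegate operations to.
ALLOWED_DELEGATION_HOSTS = frozenset({"operations.internal.example"})

# Constructed DNS table so the example runs offline. Production code would use
# the system resolver and then connect to the address it validated (pinning),
# so the check and the connection cannot see different answers.
FAKE_DNS = {"operations.internal.example": ["10.0.5.20"]}


def fake_resolve(host):
    return FAKE_DNS.get(host, [])


def is_forbidden_address(ip_text):
    # Ranges that are never a legitimate delegation target regardless of the
    # allowlist: loopback, link-local (includes 169.254.169.254, the cloud
    # metadata endpoint), unspecified, multicast and reserved. RFC 1918 space is
    # not refused here because delegation targets are often internal services;
    # the allowlist is what restricts those.
    addr = ipaddress.ip_address(ip_text)
    return (addr.is_loopback or addr.is_link_local or addr.is_unspecified
            or addr.is_multicast or addr.is_reserved)


def validate_delegation_target(url, allowed_hosts=ALLOWED_DELEGATION_HOSTS,
                               resolver=fake_resolve):
    """Return (True, "ok") if url is an acceptable delegation destination,
    otherwise (False, reason)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in url"
    host = parts.hostname  # already lower-cased by urlsplit
    if not host:
        return False, "missing host"
    if host not in allowed_hosts:
        return False, "host not in allowlist"
    addresses = resolver(host)
    if not addresses:
        return False, "host does not resolve"
    if any(is_forbidden_address(a) for a in addresses):
        return False, "resolved to forbidden address"
    return True, "ok"
```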

Links:

Credits: Mohamed Lemine Ahmed Jidou (AegisSec)
