CVE-2022-30781 in Gitea is a Server-Side Request Forgery (SSRF) flaw in the webhook feature. The root cause is missing validation of the target URL supplied when a webhook is created or updated: the webhook code does not restrict which hosts, IP addresses or network ranges a webhook may call. Anyone with admin rights on a repository (which, on an instance with open registration, means any user who creates a repository of their own) can configure a webhook, and when a triggering event such as a push occurs the Gitea server itself issues an HTTP request to the configured URL. An attacker therefore points the webhook at an internal, non-public address, for example 127.0.0.1, the cloud metadata endpoint 169.254.169.254, or a host in 10.0.0.0/8 or one of the other RFC 1918 ranges, and the server sends the request from inside the network perimeter to a service that is unreachable from the outside. Because Gitea records each delivery, including the response headers and body, in the webhook's Recent Deliveries view, the attacker reads the internal service's reply back out of the Gitea UI, which turns a blind SSRF into full data exfiltration.
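The check the vulnerable code lacked, as an added example in Go (this is not Gitea's own code and not part of the original post): a webhook-URL validator that accepts only http(s) and refuses any target whose host resolves to a non-public address, plus an HTTP client that re-applies the same policy at connect time so a hostname that passes validation and later rebinds its DNS to 127.0.0.1, or a redirect to an internal address, is still refused. The blocked ranges, the function names and the example hostnames are assumptions chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"syscall"
	"time"
)

// Ranges a webhook must never reach. This list is an assumption for the
// example, not Gitea's own: loopback, RFC 1918, link-local (which covers the
// cloud metadata address 169.254.169.254), CGNAT and the IPv6 equivalents.
// IPv4-mapped IPv6 addresses (::ffff:10.0.0.1) match the IPv4 entries because
// net.IPNet.Contains normalises them with To4().
var blockedNets = mustParseCIDRs(
	"0.0.0.0/8", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
	"192.168.0.0/16", "169.254.0.0/16", "100.64.0.0/10",
	"::1/128", "fc00::/7", "fe80::/10",
)

func mustParseCIDRs(cidrs ...string) []*net.IPNet {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		nets = append(nets, n)
	}
	return nets
}

// IsAllowedWebhookIP reports whether a resolved address is public.
func IsAllowedWebhookIP(ip net.IP) bool {
	if ip == nil || ip.IsUnspecified() {
		return false
	}
	for _, n := range blockedNets {
		if n.Contains(ip) {
			return false
		}
	}
	return true
}

// Resolver is the DNS lookup used by ValidateWebhookURL; net.LookupIP fits it,
// and a fake can be supplied to exercise the check offline.
type Resolver func(host string) ([]net.IP, error)

// ValidateWebhookURL is the missing check: accept only http(s), resolve the
// host, and refuse the URL if ANY address it resolves to is non-public (a name
// with one public and one private record must not slip through).
func ValidateWebhookURL(raw string, resolve Resolver) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed for webhooks", u.Scheme)
	}
	host := u.Hostname() // strips the brackets from [::1]
	if host == "" {
		return errors.New("webhook URL has no host")
	}
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip}
	} else if ips, err = resolve(host); err != nil {
		return fmt.Errorf("resolving %q: %w", host, err)
	}
	if len(ips) == 0 {
		return fmt.Errorf("%q resolved to no addresses", host)
	}
	for _, ip := range ips {
		if !IsAllowedWebhookIP(ip) {
			return fmt.Errorf("%q resolves to non-public address %s", host, ip)
		}
	}
	return nil
}

// NewWebhookClient applies the same policy at connect time, after the dialer
// has resolved the name. A host that passed ValidateWebhookURL and later
// re-points its DNS to 127.0.0.1 (DNS rebinding), or a 302 to an internal
// address, is refused here because every hop dials through this hook.
func NewWebhookClient() *http.Client {
	dialer := &net.Dialer{
		Timeout: 10 * time.Second,
		Control: func(network, address string, _ syscall.RawConn) error {
			host, _, err := net.SplitHostPort(address) // address is already ip:port
			if err != nil {
				return err
			}
			if !IsAllowedWebhookIP(net.ParseIP(host)) {
				return fmt.Errorf("refusing to dial non-public address %s", host)
			}
			return nil
		},
	}
	return &http.Client{
		Timeout:   15 * time.Second,
		Transport: &http.Transport{DialContext: dialer.DialContext},
	}
}

func main() {
	for _, raw := range []string{
		"https://hooks.example.com/ci",             // public name: allowed (needs DNS)
		"http://169.254.169.254/latest/meta-data/", // metadata service: refused
		"http://127.0.0.1:3000/api/v1/admin/users", // Gitea itself: refused
	} {
		fmt.Printf("%-45s -> %v\n", raw, ValidateWebhookURL(raw, net.LookupIP))
	}
}
```

The validator alone is not enough: a resolver may also accept odd numeric forms such as a decimal integer in place of a dotted IP, and an attacker who controls a DNS name can answer with a public address during validation and a private one at delivery time. That is why the connect-time check in the dialer is the one that actually enforces the policy, and the URL check exists to give the user an early, descriptive error.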
Platform: Gitea
Version: < 1.16.9
Vulnerability: SSRF
Severity: Critical
Date: 2022-06-14
Prediction: Patch 2022-06-21
What Undercode Says:
Create the malicious webhook through the API, pointing it at the metadata endpoint (replace the token, owner and repository):
curl -X POST http://localhost:3000/api/v1/repos/myuser/myrepo/hooks \
  -H "Authorization: token $GITEA_TOKEN" -H "Content-Type: application/json" \
  -d '{"type":"gitea","active":true,"events":["push"],"config":{"url":"http://169.254.169.254/latest/meta-data/","content_type":"json"}}'
List the instance's users, i.e. everyone who can create a repository and therefore a webhook:
gitea admin user list
Locate the webhook creation code in a checkout of the Gitea source tree:
grep -rn -A 10 "CreateWebhook" --include='*.go' .
Confirm the instance is listening on its default port:
netstat -tulpn | grep :3000
How Exploit:
1. In a repository you administer, create a webhook (Settings > Webhooks, or POST /api/v1/repos/{owner}/{repo}/hooks).
2. Set the target URL to an internal address, for example http://169.254.169.254/latest/meta-data/ or http://127.0.0.1:3000/.
3. Trigger the webhook with a push to the repository (or with the webhook's Test Delivery button).
4. Read the internal service's response from the webhook's Recent Deliveries view in the repository settings.
Protection from this CVE
1. Update Gitea to 1.16.9 or later immediately.
2. Apply network egress rules: deny the Gitea host outbound access to loopback, RFC 1918 and link-local ranges, and on cloud instances lock down the metadata service (on AWS, requiring IMDSv2 defeats a plain GET from a webhook).
3. Validate webhook URLs: on releases that support it, set ALLOWED_HOST_LIST = external in the [webhook] section of app.ini so that targets resolving to loopback or private addresses are refused, and audit existing webhooks for internal targets.
4. Use a web application firewall, with the caveat that it only sees the webhook creation request, so it can block obvious internal URL literals but not a public hostname that resolves to an internal address.
Impact:
1. Cloud credential theft.
2. Internal network reconnaissance.
3. Data exfiltration.
4. Internal API compromise.
Sources:
Reported By: github.com

