Impact
Vulnerability type: server-side request forgery or SSRF
Every user of Flyte, where FlyteConsole is open to general internet is vulnerable to attack where the attacker can access the internal metadata server or other unauthenticated urls. It also passes the headers along, which can be very dangerous.
Patches
The patch deletes the entire cors_proxy as this is not required for console anymore.
The patch has been merged and and released. #389
Also, all previous versions of flyteconsole have been yanked and deleted.
Users should upgrade to flyteconsole v0.52.0 or later.
This is published as an image available here: https://github.com/orgs/flyteorg/packages/container/flyteconsole/19114769?tag=v0.52.0
Workarounds
Disable Flyteconsole availability on the internet
References
Not yet
For more information
If you have any questions or comments about this advisory:
Impact
Vulnerability type: server-side request forgery or SSRF
Every user of Flyte, where FlyteConsole is open to general internet is vulnerable to attack where the attacker can access the internal metadata server or other unauthenticated urls. It also passes the headers along, which can be very dangerous.
Patches
The patch deletes the entire cors_proxy as this is not required for console anymore.
The patch has been merged and and released. #389
Also, all previous versions of flyteconsole have been yanked and deleted.
Users should upgrade to flyteconsole v0.52.0 or later.
This is published as an image available here: https://github.com/orgs/flyteorg/packages/container/flyteconsole/19114769?tag=v0.52.0
Workarounds
Disable Flyteconsole availability on the internet
References
Not yet
For more information
If you have any questions or comments about this advisory: