Exposure of Sensitive Information to an Unauthorized Actor Affecting ethyca-fides package, versions [2.19.0,2.39.2)
Snyk ID SNYK-PYTHON-ETHYCAFIDES-7430191
- published 7 Jul 2024
- disclosed 5 Jul 2024
- credit RobertKeyser
Introduced: 5 Jul 2024
CVE-2024-31223
How to fix?
Upgrade ethyca-fides to version 2.39.2 or higher.
Overview
ethyca-fides is an Open-source ecosystem for data privacy as code.
Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor through the SERVER_SIDE_FIDES_API_URL environment variable. An attacker can obtain sensitive server-side configuration details by making an unauthorized HTTP GET request.
PoC
Set the environment variable FIDES_PRIVACY_CENTER__SERVER_SIDE_FIDES_API_URL of your Fides Privacy Center container, before start-up, to a private value such as https://some.private.domain.name/api/v1 and start the Privacy Center application. Once the application is up, perform an HTTP GET request for the Privacy Center's main page, e.g. https://privacy.example.com. The value of SERVER_SIDE_FIDES_API_URL is returned in the response body:
curl -s https://privacy.example.com/ | \
grep '__NEXT_DATA__' | \
sed 's/.*<script id="__NEXT_DATA__" type="application\/json">//;s/<\/script>.*//' | \
jq '.props.serverEnvironment.settings.SERVER_SIDE_FIDES_API_URL'
"https://some.private.domain.name/api/v1"
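The following Python script is an added example for defenders and is not part of the Snyk advisory or the Fides project. It does two things a practitioner wants when triaging this advisory: it decides whether an installed ethyca-fides version falls inside the affected range [2.19.0, 2.39.2), and it parses a saved Privacy Center response (the same __NEXT_DATA__ JSON the curl pipeline above extracts) to report whether server-side settings such as SERVER_SIDE_FIDES_API_URL are present in the page. The HTML samples are constructed here for the test; the assumption that a fixed deployment simply omits the key from `props.serverEnvironment.settings` is mine, not something the advisory states.

```python
import json
import re

# Affected range taken from the advisory title: [2.19.0, 2.39.2)
AFFECTED_MIN = (2, 19, 0)
FIXED = (2, 39, 2)

# Keys that should never reach the browser. Only the one named in the
# advisory is listed; extend this tuple for your own deployment.
SENSITIVE_KEYS = ("SERVER_SIDE_FIDES_API_URL",)

NEXT_DATA_RE = re.compile(
    r'<script id="__NEXT_DATA__" type="application/json">(.*?)</script>', re.S
)


def version_key(version):
    """Turn 'X.Y.Z' or 'X.Y.Zsuffix' into a sortable tuple.

    A pre-release suffix (e.g. '2.39.2rc1') sorts *before* the final release
    of the same number, so '2.39.2rc1' is still treated as unfixed.
    """
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)(.*)$", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch), 0 if suffix else 1)


def is_affected(version):
    """True if the given ethyca-fides version is inside [2.19.0, 2.39.2)."""
    return version_key("%d.%d.%d" % AFFECTED_MIN) <= version_key(version) < version_key("%d.%d.%d" % FIXED)


def extract_next_data(html):
    """Return the parsed __NEXT_DATA__ JSON object, or None if absent."""
    m = NEXT_DATA_RE.search(html)
    if not m:
        return None
    return json.loads(m.group(1))


def leaked_server_settings(html, sensitive_keys=SENSITIVE_KEYS):
    """Return {key: value} for every sensitive key found under
    props.serverEnvironment.settings in the page's __NEXT_DATA__ blob."""
    data = extract_next_data(html)
    if data is None:
        return {}
    settings = data.get("props", {}).get("serverEnvironment", {}).get("settings", {})
    return {k: settings[k] for k in sensitive_keys if k in settings}


def triage(version, html):
    """Combine both checks into one verdict string for a deployment."""
    leaked = leaked_server_settings(html)
    if leaked:
        return "LEAK: %s exposed in page" % ", ".join(sorted(leaked))
    if is_affected(version):
        return "VERSION %s is in the affected range; upgrade to 2.39.2 or higher" % version
    return "OK"


# Constructed sample responses (not captured from a real deployment).
SAMPLE_VULNERABLE_HTML = (
    '<html><body><div id="__next"></div>'
    '<script id="__NEXT_DATA__" type="application/json">'
    '{"props":{"serverEnvironment":{"settings":'
    '{"SERVER_SIDE_FIDES_API_URL":"https://some.private.domain.name/api/v1"}}},'
    '"page":"/"}</script></body></html>'
)

SAMPLE_FIXED_HTML = (
    '<html><body><div id="__next"></div>'
    '<script id="__NEXT_DATA__" type="application/json">'
    '{"props":{"serverEnvironment":{"settings":{}}},"page":"/"}</script>'
    '</body></html>'
)

if __name__ == "__main__":
    print(triage("2.39.1", SAMPLE_VULNERABLE_HTML))
    print(triage("2.39.2", SAMPLE_FIXED_HTML))
```

To audit a live instance you control, save its main page with `curl -s https://privacy.example.com/ > page.html` and pass the file contents to `leaked_server_settings`; an empty result on a version at or above 2.39.2 is the expected state after the fix.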