CVE-2020-14160

7.5 HIGH

📋 TL;DR

This SSRF vulnerability in Gotenberg allows attackers to read local files or access internal network resources through the remote-URL-to-PDF conversion feature. It affects all Gotenberg deployments through version 6.2.1 that have the vulnerable endpoint exposed. Attackers can exploit this to access sensitive data on the server or on internal systems.

💻 Affected Systems

Products:
  • Gotenberg
Versions: through 6.2.1
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: Affects deployments with the remote URL conversion endpoint accessible. Docker deployments are commonly affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of sensitive internal systems and data exfiltration, including credentials, configuration files, and access to internal-only services.

🟠

Likely Case

Unauthorized reading of local files on the Gotenberg server, potentially exposing configuration, secrets, or application data.

🟢

If Mitigated

Limited impact with proper network segmentation and input validation, restricting access to sensitive internal resources.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP requests to the vulnerable endpoint with crafted URLs can trigger the vulnerability. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.2.2 and later

Vendor Advisory: https://github.com/gotenberg/gotenberg/issues/215

Restart Required: Yes

Instructions:

1. Update Gotenberg to version 6.2.2 or later.
2. For Docker: pull the latest image or a specific patched version.
3. Restart the Gotenberg service/container.

🔧 Temporary Workarounds

Network Segmentation

linux

Restrict Gotenberg's network access to prevent SSRF attacks from reaching internal systems

iptables -A OUTPUT -p tcp -m owner --uid-owner gotenberg -d 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 -j DROP

Input Validation

all

Implement URL validation to reject internal/local URLs before processing

🧯 If You Can't Patch

  • Disable the remote URL conversion feature entirely if not required
  • Implement strict network egress filtering for the Gotenberg process

🔍 How to Verify

Check if Vulnerable:

Test by sending a request to the conversion endpoint with a local file URL (e.g., file:///etc/passwd) and check whether the file's content is returned

Check Version:

docker exec gotenberg gotenberg --version

Alternatively, check the container or image tag.

Verify Fix Applied:

After patching, repeat the vulnerable test and confirm local/internal URLs are rejected

📡 Detection & Monitoring

Log Indicators:

  • Unusual conversion requests with file://, 127.0.0.1, or internal IP addresses in URLs
  • Failed conversion attempts with internal network errors

Network Indicators:

  • Outbound connections from Gotenberg to internal IP ranges
  • Unusual traffic patterns from Gotenberg to non-public services

SIEM Query:

source="gotenberg" AND (url="file://*" OR url="*127.0.0.1*" OR url="*192.168.*" OR url="*10.*" OR url="*172.16.*")
