CVE-2022-0132

CVSS: 7.5 HIGH

📋 TL;DR

CVE-2022-0132 is a Server-Side Request Forgery (SSRF) vulnerability in PeerTube. An attacker can make the PeerTube server issue HTTP requests to attacker-chosen destinations, including hosts on the instance's internal network that are not reachable from the Internet, using the server as a request proxy. Any instance running code that predates fix commit 7b54a81cccf6b4c12269e9d6897d608b1a99537a is affected.

💻 Affected Systems

Products:
  • PeerTube
Versions: all builds before commit 7b54a81cccf6b4c12269e9d6897d608b1a99537a
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable code path is present regardless of instance configuration, so no configuration change removes it; only the code fix does.

📦 What is this software?

PeerTube is a free, open-source, self-hosted video platform whose instances federate over ActivityPub and can stream to viewers peer-to-peer. The backend is a Node.js/TypeScript application normally deployed behind an nginx reverse proxy with PostgreSQL and Redis on the same host, which is why loopback traffic from the PeerTube process is expected and must be accounted for when tuning the detections below.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker uses the PeerTube server as a proxy into the internal network: reading responses from services that trust the server's network position (cloud metadata endpoints, admin panels, unauthenticated databases or message queues), harvesting credentials from them, and pivoting to other internal systems.

🟠 Likely Case

Unauthenticated probing of internal HTTP services through the server, enumeration of reachable hosts and ports, and retrieval of metadata or low-sensitivity data from endpoints that were never meant to be Internet-exposed.

🟢 If Mitigated

With egress filtering from the PeerTube host to internal ranges and segmentation of sensitive services, the server can only be made to reach hosts that are already exposed, and the flaw is reduced to a nuisance until patched.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SSRF is a well-understood class: once the request-triggering feature is known, generic payload lists (internal address sweeps, cloud metadata endpoints, alternate IP encodings) and scanner modules apply without further research, and no credentials are needed here.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 7b54a81cccf6b4c12269e9d6897d608b1a99537a or later

Vendor Fix (commit): https://github.com/chocobozzz/peertube/commit/7b54a81cccf6b4c12269e9d6897d608b1a99537a

Restart Required: Yes

Instructions:

1. Update PeerTube to a release that contains commit 7b54a81cccf6b4c12269e9d6897d608b1a99537a (check the project's release notes), or cherry-pick the commit onto a git-based deployment.
2. Restart the PeerTube service (for the official install, `systemctl restart peertube`).
3. Verify the fix is applied (see How to Verify below).

🔧 Temporary Workarounds

Network Egress Filtering

Platform: linux

Block connections from the PeerTube process to address ranges it never needs to reach, rather than dropping all outbound HTTP/HTTPS (which would break federation, video import and other legitimate egress). The rules assume PeerTube runs as the `peertube` system user created by the official install guide; adjust `--uid-owner` if yours differs. REJECT rather than DROP makes the server's forged request fail immediately instead of hanging until timeout.

iptables -A OUTPUT -m owner --uid-owner peertube -d 10.0.0.0/8 -j REJECT
iptables -A OUTPUT -m owner --uid-owner peertube -d 172.16.0.0/12 -j REJECT
iptables -A OUTPUT -m owner --uid-owner peertube -d 192.168.0.0/16 -j REJECT
iptables -A OUTPUT -m owner --uid-owner peertube -d 169.254.0.0/16 -j REJECT

Caveats: loopback is deliberately left open because PeerTube talks to PostgreSQL and Redis on 127.0.0.1, so a service bound only to loopback remains reachable through the SSRF; add matching ip6tables rules (::1/128, fc00::/7, fe80::/10) on dual-stack hosts; and if PeerTube runs in Docker, owner matching does not apply to forwarded container traffic, so put the equivalent rules in the DOCKER-USER chain instead.

Reverse Proxy Restrictions

Platform: all

A reverse proxy (nginx, Apache) in front of PeerTube sees only inbound client requests. The forged request is made by the PeerTube process itself and never passes through the proxy, so the proxy cannot block the server's connections to internal IP ranges. The most it (or a WAF) can do is reject request parameters that contain URLs with literal internal addresses, and that is trivially bypassed with alternate encodings (0x7f000001, 2130706433), hostnames that resolve to internal addresses, or an external host that redirects inward. Treat proxy-side filtering as a detection aid; egress filtering on the host or network is the effective interim control.

🧯 If You Can't Patch

  • Implement strict network segmentation so the PeerTube host can reach only what it needs (its database and cache locally, federation peers and configured storage outside); cloud metadata endpoints in particular should be unreachable from the PeerTube process or require the token-based metadata mode your provider offers
  • Deploy WAF rules that flag URL-bearing parameters pointing at internal or loopback addresses, but treat them as detection rather than prevention: encoding tricks, DNS names that resolve inward and redirects all bypass pattern matching

🔍 How to Verify

Check if Vulnerable:

An install is vulnerable if its code predates commit 7b54a81cccf6b4c12269e9d6897d608b1a99537a. `git log --oneline -1` only prints the current HEAD, which will not equal the fix commit on any later build, so ask git whether the fix is an ancestor of HEAD instead (run `git fetch origin` first if the commit object is not known locally).

Check Version:

cd /var/www/peertube/peertube-latest   # path used by the official install guide; adjust to your checkout
git merge-base --is-ancestor 7b54a81cccf6b4c12269e9d6897d608b1a99537a HEAD && echo "fix present" || echo "fix missing"

Verify Fix Applied:

"fix present" from the command above means the commit is in the history. Release installs from the official tarballs carry no git history; for those, read the installed version from package.json (`grep '"version"' package.json`) and compare it with the project's release notes to confirm that release includes the commit. As a functional check in a staging instance, confirm that a URL pointing at a listener on an internal address (for example a netcat listener on 127.0.0.1) is no longer fetched by the server.

📡 Detection & Monitoring

Log Indicators:

  • Outbound HTTP(S) requests initiated by the PeerTube process to addresses that are never legitimate federation or import targets: loopback (127.0.0.0/8), RFC 1918 space (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and link-local (169.254.0.0/16, in particular the cloud metadata endpoint 169.254.169.254)
  • Bursts of such requests with sequential destination addresses or ports, the signature of an attacker sweeping the internal network through the server

Network Indicators:

  • PeerTube server opening connections to internal hosts or ports it has never talked to before
  • Unusual traffic patterns from PeerTube to internal services

SIEM Query:

source="peertube" AND (dest_ip=10.0.0.0/8 OR dest_ip=172.16.0.0/12 OR dest_ip=192.168.0.0/16 OR dest_ip=169.254.0.0/16 OR dest_ip=127.0.0.0/8) AND NOT (dest_ip=127.0.0.1 AND dest_port IN (5432, 6379))

Tune the exclusion to the instance's own local dependencies (PostgreSQL on 5432 and Redis on 6379 in a default install); without it, every loopback match is noise.
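Both the fix and the detections described on this page hinge on one question: is the address the server is about to talk to (or just talked to) internal? The TypeScript below is an example added for this page; it is not PeerTube's code and not the content of the fix commit. It shows the check a server should run on a user-supplied URL before fetching it, returning the resolved addresses so the caller connects to those rather than re-resolving, and reuses the same classifier over egress log lines. DEMO_RESOLVER, SAMPLE_EGRESS_LOG and EXPECTED_LOCAL are constructed inputs, and the synchronous Resolver type stands in for an awaited dns.lookup(host, { all: true }).

```typescript
import { URL } from "node:url";
import * as net from "node:net";

// Added example, not PeerTube code: one "is this address internal?" helper that both vets a
// user-supplied URL before the server fetches it and flags internal destinations in egress
// logs. DEMO_RESOLVER, SAMPLE_EGRESS_LOG and EXPECTED_LOCAL are constructed for the demo.
type Resolver = (hostname: string) => string[];   // sync stand-in for dns.lookup(h, { all: true })

function ipv4ToInt(ip: string): number | null {
  if (!net.isIPv4(ip)) return null;
  return ip.split(".").reduce((acc, octet) => acc * 256 + Number(octet), 0);
}

// Expand an IPv6 literal (optionally with an embedded dotted IPv4 tail) to 16 bytes.
function ipv6ToBytes(ip: string): Uint8Array | null {
  if (!net.isIPv6(ip)) return null;
  const halves = ip.split("%")[0].split("::");            // drop any zone id, split on "::"
  if (halves.length > 2) return null;
  const toGroups = (s: string): number[] | null => {
    const out: number[] = [];
    for (const part of s === "" ? [] : s.split(":")) {
      if (!part.includes(".")) { out.push(parseInt(part, 16)); continue; }
      const v4 = ipv4ToInt(part);                          // "::ffff:127.0.0.1" style tail
      if (v4 === null) return null;
      out.push(v4 >>> 16, v4 & 0xffff);
    }
    return out;
  };
  const head = toGroups(halves[0]);
  const tail = halves.length === 2 ? toGroups(halves[1]) : [];
  if (head === null || tail === null) return null;
  const missing = 8 - head.length - tail.length;
  if (missing < 0 || (halves.length === 1 && missing !== 0)) return null;
  const groups = [...head, ...new Array<number>(missing).fill(0), ...tail];
  const bytes = new Uint8Array(16);
  groups.forEach((g, i) => { bytes[2 * i] = g >> 8; bytes[2 * i + 1] = g & 0xff; });
  return bytes;
}

// "This host", loopback, RFC 1918, carrier-grade NAT, link-local (cloud metadata lives here).
const INTERNAL_V4: Array<[string, number]> = [["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10],
  ["127.0.0.0", 8], ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16]];

function inV4Range(ip: number, base: string, bits: number): boolean {
  const mask = (~0 << (32 - bits)) >>> 0;
  return ((ip & mask) >>> 0) === ((ipv4ToInt(base)! & mask) >>> 0);
}

function isInternalAddress(ip: string): boolean {
  const v4 = ipv4ToInt(ip);
  if (v4 !== null) return INTERNAL_V4.some(([base, bits]) => inV4Range(v4, base, bits));
  const b = ipv6ToBytes(ip);
  if (b === null) return true;                                  // unparseable: fail closed
  const zeroPrefix = (n: number) => b.subarray(0, n).every((x) => x === 0);
  if (zeroPrefix(10) && b[10] === 0xff && b[11] === 0xff)       // IPv4-mapped ::ffff:a.b.c.d
    return isInternalAddress(`${b[12]}.${b[13]}.${b[14]}.${b[15]}`);
  if (zeroPrefix(15) && b[15] <= 1) return true;                // :: and ::1
  if ((b[0] & 0xfe) === 0xfc) return true;                      // fc00::/7 unique local
  return b[0] === 0xfe && (b[1] & 0xc0) === 0x80;               // fe80::/10 link-local
}

interface EgressDecision { allowed: boolean; reason: string; pinnedIps: string[] }

// Vet a URL the server is about to fetch on a user's behalf. WHATWG parsing has already turned
// 0x7f000001, 2130706433 and 127.1 into 127.0.0.1; IPv6 literals arrive in brackets.
function checkOutboundUrl(raw: string, resolve: Resolver): EgressDecision {
  const deny = (reason: string): EgressDecision => ({ allowed: false, reason, pinnedIps: [] });
  const url = ((): URL | null => { try { return new URL(raw); } catch { return null; } })();
  if (url === null) return deny("unparseable URL");
  if (url.protocol !== "http:" && url.protocol !== "https:") return deny(`scheme ${url.protocol} not allowed`);
  const host = url.hostname.replace(/^\[|\]$/g, "");
  const ips = net.isIP(host) ? [host] : resolve(host);
  if (ips.length === 0) return deny(`${host} did not resolve`);
  const bad = ips.find(isInternalAddress);
  if (bad !== undefined) return deny(`${host} -> ${bad} is an internal address`);
  // Connect to one of pinnedIps (keeping the original Host header) and re-run this check on
  // every redirect; resolving here but connecting by name again loses to DNS rebinding.
  return { allowed: true, reason: "ok", pinnedIps: ips };
}

// Constructed resolver table standing in for real DNS.
const DEMO_RESOLVER: Resolver = (h) =>
  ({ "cdn.example.org": ["203.0.113.10"], "grafana.example.internal": ["10.0.0.5"] } as Record<string, string[]>)[h] ?? [];

// Constructed egress log, one "<ts> uid=<user> dst=<ip> dport=<port>" record per line (a real
// source would be nftables/conntrack logging, a forward proxy or VPC flow logs). PeerTube's own
// PostgreSQL and Redis sit on loopback, so those pairs are allowlisted rather than flagged.
const EXPECTED_LOCAL = new Set(["127.0.0.1:5432", "127.0.0.1:6379"]);
const SAMPLE_EGRESS_LOG = [
  "2022-01-10T12:00:01Z uid=peertube dst=127.0.0.1 dport=5432",
  "2022-01-10T12:00:02Z uid=peertube dst=203.0.113.10 dport=443",
  "2022-01-10T12:00:03Z uid=peertube dst=169.254.169.254 dport=80",
  "2022-01-10T12:00:04Z uid=peertube dst=10.0.0.5 dport=8080",
  "2022-01-10T12:00:05Z uid=postgres dst=10.0.0.9 dport=5432",
];

function flagInternalDestinations(lines: string[], expected: Set<string>, user = "peertube"): string[] {
  const flagged: string[] = [];
  for (const line of lines) {
    const m = /uid=(\S+)\s+dst=(\S+)\s+dport=(\d+)/.exec(line);
    if (!m || m[1] !== user) continue;
    const dest = `${m[2]}:${m[3]}`;
    if (isInternalAddress(m[2]) && !expected.has(dest)) flagged.push(dest);
  }
  return flagged;
}

console.log(checkOutboundUrl("http://0x7f000001:9000/", DEMO_RESOLVER).reason);
console.log(flagInternalDestinations(SAMPLE_EGRESS_LOG, EXPECTED_LOCAL));
```

Two things the code cannot show offline still matter in practice: the same check must run on every redirect hop, since an allowed external host can 302 to an internal address, and the connection must go to one of pinnedIps with the original Host header, otherwise an attacker-controlled name can resolve to a public address during the check and to 127.0.0.1 a moment later. On the detection side, the EXPECTED_LOCAL allowlist is what keeps loopback traffic to the instance's own database and cache out of the alerts; tune it to the ports actually in use.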

🔗 References

  • Fix commit: https://github.com/chocobozzz/peertube/commit/7b54a81cccf6b4c12269e9d6897d608b1a99537a
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2022-0132
