CVE-2022-24739

7.3 HIGH

📋 TL;DR

CVE-2022-24739 is a vulnerability in AllTube (an HTML frontend for youtube-dl) that allows attackers to craft malicious HTML pages to trigger either open redirect attacks or Server-Side Request Forgery (SSRF) attacks. The SSRF attack is only possible when the 'stream' configuration option is enabled, which is disabled by default. Users running AllTube versions prior to 3.0.3 are affected.

💻 Affected Systems

Products:
  • AllTube
Versions: All versions prior to 3.0.3
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: SSRF attack requires 'stream' configuration option to be enabled (disabled by default). Open redirect attack works regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

If the 'stream' option is enabled, attackers could perform SSRF attacks to access internal services, potentially leading to data exfiltration, internal network reconnaissance, or chaining with other vulnerabilities.

🟠 Likely Case

Open redirect attacks where users are tricked into visiting malicious sites through legitimate-looking AllTube URLs.

🟢 If Mitigated

Only open redirect attacks are possible when 'stream' option is disabled (default configuration).

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires crafting malicious HTML pages. GitHub advisory includes technical details and proof-of-concept.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.3

Vendor Advisory: https://github.com/Rudloff/alltube/security/advisories/GHSA-75p7-527p-w8wp

Restart Required: Yes

Instructions:

1. Update AllTube to version 3.0.3 or later.
2. Restart the AllTube service.
3. Verify the fix by checking the version.

🔧 Temporary Workarounds

Disable stream option
Applies to: all
Ensure the 'stream' configuration option is disabled to prevent SSRF attacks.
Edit config.php and set 'stream' => false

Input validation
Applies to: all
Implement URL validation for user-supplied URLs.

🧯 If You Can't Patch

  • Ensure 'stream' configuration option is disabled (default setting)
  • Implement web application firewall rules to detect and block SSRF and open redirect attempts

🔍 How to Verify

Check if Vulnerable:

Check AllTube version and configuration. If version < 3.0.3, system is vulnerable to open redirect. If 'stream' option is enabled, also vulnerable to SSRF.

Check Version:

Check version in AllTube web interface or config files

Verify Fix Applied:

Verify AllTube version is 3.0.3 or later. Test that crafted URLs with redirect parameters no longer work.

📡 Detection & Monitoring

Log Indicators:

  • Unusual redirect patterns in access logs
  • Requests to internal IP addresses from AllTube

Network Indicators:

  • Outbound connections from AllTube to unexpected internal services
  • Redirects to external domains from AllTube URLs

SIEM Query:

source="alltube" AND (url="*redirect=*" OR url="*url=*")
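To make the log indicators and the SIEM query above concrete, the following is an added example (not code from AllTube or from the advisory) that scans access-log lines for the url= and redirect= parameters and labels each target as expected, internal (SSRF indicator) or external (open-redirect indicator). The log lines are constructed; EXPECTED_HOSTS, the parameter names and the combined log format are assumptions to tune per deployment.

```python
import ipaddress
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines in combined log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2022:10:00:01 +0000] "GET /info?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dabc HTTP/1.1" 200 512
203.0.113.9 - - [01/Mar/2022:10:00:02 +0000] "GET /redirect?url=http%3A%2F%2F10.0.0.12%3A8080%2F HTTP/1.1" 302 0
198.51.100.4 - - [01/Mar/2022:10:00:03 +0000] "GET /download?url=http%3A%2F%2Fevil.example%2Flanding HTTP/1.1" 302 0
10.0.0.5 - - [01/Mar/2022:10:00:04 +0000] "GET /index.css HTTP/1.1" 200 3000
"""

# Hosts AllTube is expected to fetch from (assumption: adjust to the sites you allow).
EXPECTED_HOSTS = {"www.youtube.com", "youtube.com", "youtu.be"}
# client, request path and status code from a combined-format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')

def classify_target(target: str) -> str:
    """Return 'expected', 'internal', 'external' or 'bad-scheme' for a URL handed to AllTube."""
    parsed = urlparse(target)
    host = (parsed.hostname or "").lower()
    if parsed.scheme not in ("http", "https") or not host:
        return "bad-scheme"  # file://, gopher:// etc. have no legitimate use here
    if host in EXPECTED_HOSTS:
        return "expected"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # a hostname, not a literal address; no DNS lookup is done
        return "internal" if host == "localhost" or host.endswith((".local", ".internal")) else "external"
    return "internal" if (ip.is_private or ip.is_loopback or ip.is_link_local) else "external"

def scan_log(text: str) -> list:
    """Yield one finding per url=/redirect= parameter whose target is not an expected host."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, path, status = m.groups()
        params = parse_qs(urlparse(path).query)  # parse_qs also percent-decodes the values
        for key in ("url", "redirect"):
            for target in params.get(key, []):
                label = classify_target(target)
                if label != "expected":
                    findings.append({"client": client, "param": key, "target": target,
                                     "status": int(status), "label": label})
    return findings

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A 302 response paired with an internal target is the SSRF case that only matters when 'stream' is enabled; an external target is the open-redirect case, which applies to every configuration.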

🔗 References