CVE-2022-27311

9.8 CRITICAL

📋 TL;DR

CVE-2022-27311 is a Server-Side Request Forgery (SSRF) vulnerability in Gibbon v3.4.4 and earlier that allows attackers to make unauthorized requests from the vulnerable server to internal or external systems. Attackers can exploit this by crafting malicious URLs, potentially accessing sensitive internal services or conducting further attacks. All users running affected Gibbon versions are vulnerable.

💻 Affected Systems

Products:
  • Gibbon
Versions: v3.4.4 and below
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case
Complete compromise of internal network services, data exfiltration, lateral movement to other systems, or using the server as a proxy for attacks against external targets.

🟠 Likely Case
Unauthorized access to internal services, information disclosure from internal APIs or systems, and potential credential theft from metadata services.

🟢 If Mitigated
Limited impact with proper network segmentation, egress filtering, and input validation controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SSRF vulnerabilities are commonly exploited and weaponized due to their impact potential.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit b2eb99ed304d7491a6d348a5bbdc83a008fc6e0b

Vendor Advisory: https://github.com/amro/gibbon/commit/b2eb99ed304d7491a6d348a5bbdc83a008fc6e0b

Restart Required: No

Instructions:

1. Update Gibbon to the latest version.
2. Apply the security patches from the GitHub commits.
3. Verify the fix by testing SSRF attempts.

🔧 Temporary Workarounds

Input Validation Filter (platform: all)

Implement strict URL validation to block SSRF attempts: whitelist-based URL validation in application code, accepting only the schemes and hosts the application is expected to contact.
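As an added example of the whitelist-based URL validation recommended above (this is not code from the Gibbon project or from this advisory), the following is written in Ruby because the amro/gibbon project linked in the vendor advisory is a Ruby library. The allowlisted host api.example.com, the resolve: parameter and the function names are assumptions for illustration; the blocked ranges are the standard private, CGNAT, loopback and link-local blocks.

```ruby
require "uri"
require "ipaddr"
require "resolv"

# Hypothetical allowlist: the upstream API hosts this deployment is expected
# to call. Replace with the real hosts for your installation.
ALLOWED_HOSTS   = %w[api.example.com].freeze
ALLOWED_SCHEMES = %w[https].freeze

# Destinations a user-influenced outbound request must never reach:
# "this" network, RFC 1918 private, CGNAT, loopback, link-local (which
# includes the cloud metadata address 169.254.169.254) and IPv6 equivalents.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

class DisallowedUrl < StandardError; end

# True if the literal IP address string falls in a blocked range.
# Unparseable input is treated as blocked (fail closed).
def blocked_address?(ip)
  addr = IPAddr.new(ip)
  # Judge IPv4-mapped IPv6 addresses (::ffff:10.0.0.1) by their IPv4 form,
  # otherwise the IPv4 ranges above would never match them.
  addr = addr.native if addr.ipv6? && addr.ipv4_mapped?
  BLOCKED_RANGES.any? { |range| range.family == addr.family && range.include?(addr) }
rescue IPAddr::InvalidAddressError
  true
end

# Validates a URL before the server fetches it. Returns [uri, address]: the
# parsed URI and the resolved address that passed the range check, so the
# caller can connect to exactly that address instead of re-resolving the name.
# `resolve:` is injectable so the check can be exercised without live DNS.
def validate_outbound_url(raw, resolve: ->(host) { Resolv.getaddresses(host) })
  uri = URI.parse(raw.to_s)
  unless uri.is_a?(URI::HTTP) && ALLOWED_SCHEMES.include?(uri.scheme)
    raise DisallowedUrl, "scheme not allowed: #{uri.scheme.inspect}"
  end
  # "https://api.example.com@10.0.0.1/" has host 10.0.0.1; reject userinfo outright.
  raise DisallowedUrl, "credentials in URL are not allowed" if uri.userinfo

  host = uri.host.to_s.downcase.delete_suffix(".")
  raise DisallowedUrl, "host not on allowlist: #{host.inspect}" unless ALLOWED_HOSTS.include?(host)

  addresses = Array(resolve.call(host)).map(&:to_s)
  raise DisallowedUrl, "host did not resolve: #{host.inspect}" if addresses.empty?
  bad = addresses.find { |ip| blocked_address?(ip) }
  raise DisallowedUrl, "#{host} resolves to blocked address #{bad}" if bad

  [uri, addresses.first]
rescue URI::InvalidURIError => e
  raise DisallowedUrl, "malformed URL: #{e.message}"
end

# Boolean convenience wrapper around the validator.
def outbound_url_allowed?(raw, resolve: ->(host) { Resolv.getaddresses(host) })
  validate_outbound_url(raw, resolve: resolve)
  true
rescue DisallowedUrl
  false
end
```

The validator hands back the address it actually checked so the caller can pin the connection to it; re-resolving the hostname at connect time would reopen the window for an allowlisted name that changes its answer between check and use. Resolution is injected rather than hard-wired so the check is unit-testable offline.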

Network Egress Filtering (platform: linux)

Restrict outbound connections from the server:

iptables -A OUTPUT -p tcp --dport 80 -j DROP
iptables -A OUTPUT -p tcp --dport 443 -j DROP

Note: these two rules drop all outbound TCP to ports 80 and 443, including the application's own legitimate upstream API calls, and they do not restrict internal services listening on other ports. Insert ACCEPT rules for the application's required upstream destinations ahead of the DROP rules, and extend the filtering to internal address ranges on other ports where the deployment allows it.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the Gibbon server from sensitive internal systems
  • Deploy a web application firewall (WAF) with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check whether the Gibbon version is 3.4.4 or earlier, and test with SSRF payloads against internal services.

Check Version:

Check Gibbon version in admin panel or configuration files

Verify Fix Applied:

Test with SSRF payloads after patching to confirm they are blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the server
  • Requests to internal IP addresses or metadata services

Network Indicators:

  • Unexpected outbound connections from the Gibbon server to internal services

SIEM Query:

source="gibbon" AND (dest_ip=169.254.169.254 OR dest_ip=10.* OR dest_ip=192.168.* OR dest_ip=172.16.*)

Note: the dest_ip=172.16.* term matches only 172.16.0.0/16, while the private range 172.16.0.0/12 runs from 172.16.0.0 through 172.31.255.255. Use CIDR matching where the SIEM supports it (for example dest_ip=172.16.0.0/12) or enumerate 172.16.* through 172.31.*; loopback (127.0.0.0/8) is also worth including. The source and dest_ip field names are assumptions about the log schema and must be adapted to the deployment.
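To make the CIDR point concrete, here is an added example (not part of this advisory) in Ruby that runs the same detection over constructed key=value egress log lines using proper subnet matching, alongside the prefix-wildcard test for comparison. The log format, the field names source and dest_ip, and every address are constructed for the example.

```ruby
require "ipaddr"

# Internal destination ranges as proper CIDR blocks. 172.16.0.0/12 covers
# 172.16.0.0 through 172.31.255.255, which a "172.16.*" wildcard mostly misses.
INTERNAL_RANGES = %w[
  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 127.0.0.0/8
].map { |cidr| IPAddr.new(cidr) }.freeze

# Constructed sample egress log lines in an assumed key=value format
# (not real Gibbon output). 172.20.1.5 is inside 172.16.0.0/12; 172.32.4.4 is not.
SAMPLE_LOG = <<~LOG
  2024-01-01T10:00:00Z source=gibbon dest_ip=203.0.113.10 dest_port=443 action=allow
  2024-01-01T10:00:01Z source=gibbon dest_ip=169.254.169.254 dest_port=80 action=allow
  2024-01-01T10:00:02Z source=gibbon dest_ip=172.20.1.5 dest_port=8080 action=allow
  2024-01-01T10:00:03Z source=gibbon dest_ip=172.32.4.4 dest_port=443 action=allow
  2024-01-01T10:00:04Z source=nginx dest_ip=10.0.0.9 dest_port=5432 action=allow
LOG

# Pulls the source and destination address out of one log line.
LINE_RE = /\bsource=(?<source>\S+).*\bdest_ip=(?<ip>[0-9a-fA-F:.]+)/

# True if the address lies in any internal range; non-addresses never match.
def internal_destination?(ip)
  addr = IPAddr.new(ip)
  INTERNAL_RANGES.any? { |r| r.family == addr.family && r.include?(addr) }
rescue IPAddr::InvalidAddressError
  false
end

# Returns the log lines in which the named source reached an internal destination.
def suspicious_egress(log, source: "gibbon")
  log.each_line.map(&:strip).select do |line|
    m = LINE_RE.match(line)
    m && m[:source] == source && internal_destination?(m[:ip])
  end
end

# The prefix-wildcard test the SIEM query above performs, kept for comparison:
# it flags 172.16.x.x but not 172.17.x.x through 172.31.x.x.
def wildcard_match?(ip)
  ip == "169.254.169.254" || ip.start_with?("10.", "192.168.", "172.16.")
end
```

Running suspicious_egress over SAMPLE_LOG flags the metadata-address line and the 172.20.1.5 line and ignores the 172.32.4.4 line and the nginx line; wildcard_match? misses 172.20.1.5 entirely, which is the gap the note above describes.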
