CVE-2023-48910

9.8 CRITICAL

📋 TL;DR

Microcks up to version 1.17.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /jobs and /artifact/download components. Attackers can send crafted GET requests to access internal network resources and potentially sensitive information. Organizations running vulnerable Microcks versions are affected.

💻 Affected Systems

Products:
  • Microcks
Versions: up to 1.17.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with the vulnerable endpoints exposed are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access internal services, sensitive data, cloud metadata, or pivot to other systems, potentially leading to full network compromise.

🟠 Likely Case

Unauthorized access to internal HTTP services, file retrieval from internal systems, or reconnaissance of internal network infrastructure.

🟢 If Mitigated

Impact is limited to the internal resources the instance is permitted to reach, provided network segmentation and input validation are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires only crafted GET requests to the vulnerable endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.18.0 or later

Vendor Advisory: https://github.com/orgs/microcks/discussions/892

Restart Required: Yes

Instructions:

1. Upgrade Microcks to version 1.18.0 or later.
2. Restart the Microcks service.
3. Verify the fix by testing the vulnerable endpoints.

🔧 Temporary Workarounds

Network Access Control (applies to: all)

Restrict network access to Microcks instances using firewalls or network policies.

Reverse Proxy Filtering (applies to: all)

Configure the reverse proxy to block or sanitize requests to the /jobs and /artifact/download endpoints.

🧯 If You Can't Patch

  • Isolate Microcks instances in a restricted network segment with no access to sensitive internal resources.
  • Implement strict input validation and URL filtering at the application or network level.

🔍 How to Verify

Check if Vulnerable:

Check whether the Microcks version is 1.17.1 or earlier and whether the /jobs or /artifact/download endpoints are reachable.

Check Version:

Check the Microcks UI or container image tag for version information.

Verify Fix Applied:

Confirm the Microcks version is 1.18.0 or later and test that crafted requests to the vulnerable endpoints are rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to the /jobs or /artifact/download endpoints whose parameters reference internal or unexpected external IP addresses
  • Multiple failed requests to these endpoints

Network Indicators:

  • Outbound connections from Microcks to unexpected internal services
  • Unusual traffic patterns from Microcks instance

SIEM Query:

source="microcks" AND (uri_path="/jobs" OR uri_path="/artifact/download") AND (status_code=200 OR status_code=302)
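An added detection example, not from the page or the Microcks project, that scans web access-log lines for requests to the two endpoints named above carrying a URL parameter that points at a loopback, private or link-local address (the cloud metadata range). The log lines are constructed, and since the page does not name the vulnerable query parameter, every parameter whose value parses as an http(s) URL is inspected.

```python
import re
import ipaddress
from urllib.parse import urlsplit, parse_qsl

# Endpoints named in the advisory. A suffix match is used because the exact
# prefix under which they are served is not stated on the page (assumption).
WATCHED_PATHS = ("/jobs", "/artifact/download")

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed Common Log Format samples; not taken from any real deployment.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /jobs?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /artifact/download?url=http://127.0.0.1:8080/actuator/env HTTP/1.1" 302 0',
    '10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /artifact/download?url=https://raw.githubusercontent.com/org/repo/main/openapi.yaml HTTP/1.1" 200 2048',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /api/services HTTP/1.1" 200 4096',
]

def points_at_internal_host(url: str) -> bool:
    """True if the URL's host is 'localhost' or a loopback, private, link-local or reserved IP."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    if parts.hostname == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(parts.hostname)
    except ValueError:
        # Hostnames are not resolved here; add DNS enrichment in the SIEM if needed.
        return False
    return addr.is_loopback or addr.is_private or addr.is_link_local or addr.is_reserved

def flag_ssrf_candidates(lines):
    """Return (path, status, target_url) for watched-endpoint requests carrying an internal URL."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        req = urlsplit(m.group("target"))
        if not any(req.path.endswith(p) for p in WATCHED_PATHS):
            continue
        # parse_qsl percent-decodes values, so encoded URLs are inspected too.
        for _, value in parse_qsl(req.query, keep_blank_values=True):
            if points_at_internal_host(value):
                hits.append((req.path, int(m.group("status")), value))
    return hits

if __name__ == "__main__":
    for hit in flag_ssrf_candidates(SAMPLE_LOGS):
        print("SSRF candidate:", hit)
```

Only the first two sample lines are flagged; the legitimate artifact download from a public host and the unrelated endpoint are not.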
