CVE-2024-8955
📋 TL;DR
A Server-Side Request Forgery (SSRF) vulnerability in composiohq/composio v0.4.4 allows attackers to read arbitrary files on the system by exploiting BROWSERTOOL_GOTO_PAGE and BROWSERTOOL_GET_PAGE_DETAILS actions. This affects all deployments using the vulnerable version of the composio framework. Attackers can potentially access sensitive configuration files, credentials, or other system data.
💻 Affected Systems
- composiohq/composio
📦 What is this software?
Composio by Composio
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through reading sensitive files like /etc/passwd, SSH keys, or configuration files containing credentials, potentially leading to lateral movement or data exfiltration.
Likely Case
Unauthorized reading of sensitive files containing API keys, database credentials, or configuration data, leading to data breaches or further exploitation.
If Mitigated
Limited file access restricted by proper input validation and file system permissions, preventing access to critical system files.
🎯 Exploit Status
Exploitation requires an understanding of the vulnerable actions and the ability to trigger them. The vulnerability details are publicly disclosed, but no proof-of-concept code is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v0.4.5 or later
Vendor Advisory: https://huntr.com/bounties/13bc0399-2d9b-449e-95f2-6e9a7e39383d
Restart Required: No
Instructions:
1. Update composio to version v0.4.5 or later using your package manager.
2. Verify the update was successful.
3. Test BROWSERTOOL actions to ensure they no longer accept file:// URLs.
🔧 Temporary Workarounds
Disable BROWSERTOOL actions
Temporarily disable or restrict access to the BROWSERTOOL_GOTO_PAGE and BROWSERTOOL_GET_PAGE_DETAILS actions until patching is complete.
Input validation filter
Implement input validation to reject file:// URLs and localhost requests in the affected actions.
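The validation filter described above, as an added example that is not composio's own code or fix: it allow-lists http/https, rejects file:// and any other scheme, rejects literal loopback names and non-public IP literals, and (optionally) rejects hostnames that resolve to non-public addresses. The function names `validate_page_url` and `is_safe_page_url` and the `resolve_dns` parameter are assumptions for this example; how the check is wired into a BROWSERTOOL action depends on your deployment.

```python
"""Allow-list URL validation for a browser-fetch style action (added example,
not composio's implementation). Function and parameter names are assumptions."""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
BLOCKED_HOSTNAMES = {"localhost", "localhost.localdomain"}


def _is_non_public_ip(ip_text: str) -> bool:
    """True for loopback, private, link-local, unspecified, reserved or
    multicast addresses; False if the text is not an IP literal at all."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_reserved or ip.is_multicast)


def validate_page_url(url: str, resolve_dns: bool = True) -> str:
    """Return the URL unchanged if it is acceptable, else raise ValueError.

    Order of checks: scheme allow-list (this alone drops file:// URLs),
    presence of a host, literal loopback names, IP literals, and when
    resolve_dns is set, every address the hostname resolves to.
    """
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")
    host = parsed.hostname  # urlparse lowercases it and strips IPv6 brackets
    if not host:
        raise ValueError("URL has no host")
    if host in BLOCKED_HOSTNAMES:
        raise ValueError("loopback hostname rejected")
    if _is_non_public_ip(host):
        raise ValueError(f"non-public IP rejected: {host}")
    if resolve_dns:
        try:
            infos = socket.getaddrinfo(host, None)
        except socket.gaierror as exc:
            raise ValueError(f"cannot resolve {host}: {exc}") from exc
        for info in infos:
            addr = info[4][0]
            if _is_non_public_ip(addr):
                raise ValueError(f"{host} resolves to non-public IP {addr}")
    return url


def is_safe_page_url(url: str, resolve_dns: bool = True) -> bool:
    """Boolean form of validate_page_url for use in guards and tests."""
    try:
        validate_page_url(url, resolve_dns=resolve_dns)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Offline demo (resolve_dns=False); the first should pass, the rest fail.
    for candidate in ("https://example.com/docs", "file:///etc/passwd",
                      "http://localhost:8080/", "http://127.0.0.1/",
                      "http://[::1]/", "http:///etc/passwd"):
        print(f"{candidate!r:32} -> {is_safe_page_url(candidate, resolve_dns=False)}")
```

The same list of checks doubles as a test plan for "Verify Fix Applied": after upgrading, the patched actions should reject every URL this function rejects. One caveat for anyone keeping this as a workaround: resolving the hostname here and then fetching it later is two separate lookups, so a hostname whose answer changes between them can slip past; pinning the resolved address for the actual fetch closes that gap.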
🧯 If You Can't Patch
- Implement strict network segmentation to isolate composio instances from sensitive systems
- Deploy web application firewall (WAF) rules to block file:// protocol requests and localhost access attempts
🔍 How to Verify
Check if Vulnerable:
Check if composio version is v0.4.4. Test if BROWSERTOOL actions accept file:// URLs by attempting to access file:///etc/passwd (in a controlled environment).
Check Version:
pip show composio | grep Version
Verify Fix Applied:
After updating, test that file:// URLs are rejected by the BROWSERTOOL actions and only valid HTTP/HTTPS URLs are accepted.
📡 Detection & Monitoring
Log Indicators:
- Unusual file:// URL patterns in request logs
- Multiple failed attempts to access local files via BROWSERTOOL actions
- Requests to sensitive file paths from unexpected sources
Network Indicators:
- Outbound requests to file:// URLs from composio instances
- Unusual patterns of requests to BROWSERTOOL endpoints
SIEM Query:
source="composio_logs" AND (url="file://*" OR action="BROWSERTOOL_*")
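The log and network indicators above, turned into a scan over sample lines, as an added example that is not part of composio. The log format is constructed for this example (one JSON object per line with `ts`, `source`, `action`, `url` and `client` keys), the client addresses are documentation ranges, and the "expected client" network `10.0.0.0/8` is an assumption; map all of these to what your own pipeline emits. The block also evaluates the SIEM query above literally so the two can be compared.

```python
"""Scan newline-delimited JSON logs for the advisory's indicators (added
example, not a composio component). Log format and networks are constructed."""
import ipaddress
import json
from collections import Counter
from urllib.parse import urlparse

# Constructed sample log, not real composio output. 203.0.113.0/24 is a
# documentation range standing in for an unexpected external client.
SAMPLE_LOG = """
{"ts": "2024-09-18T10:00:01Z", "source": "composio_logs", "action": "BROWSERTOOL_GOTO_PAGE", "url": "https://docs.example.com/", "client": "10.1.2.3"}
{"ts": "2024-09-18T10:00:04Z", "source": "composio_logs", "action": "BROWSERTOOL_GET_PAGE_DETAILS", "url": "file:///etc/passwd", "client": "203.0.113.7"}
{"ts": "2024-09-18T10:00:05Z", "source": "composio_logs", "action": "BROWSERTOOL_GOTO_PAGE", "url": "FILE:///app/config.yaml", "client": "203.0.113.7"}
{"ts": "2024-09-18T10:00:06Z", "source": "composio_logs", "action": "BROWSERTOOL_GOTO_PAGE", "url": "http://localhost:8080/", "client": "203.0.113.7"}
{"ts": "2024-09-18T10:00:09Z", "source": "composio_logs", "action": "GITHUB_STAR_REPO", "url": "", "client": "10.1.2.3"}
{"ts": "2024-09-18T10:00:12Z", "source": "other_app", "action": "BROWSERTOOL_GOTO_PAGE", "url": "file:///etc/hosts", "client": "10.9.9.9"}
"""

# Assumption for this example: legitimate callers of the composio instance live here.
EXPECTED_CLIENT_NET = ipaddress.ip_network("10.0.0.0/8")


def _is_loopback_host(host: str) -> bool:
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def classify(entry: dict) -> list:
    """Return indicator tags for one log entry; an empty list means benign."""
    tags = []
    parsed = urlparse(entry.get("url", ""))
    if parsed.scheme.lower() == "file":
        tags.append("file_scheme")            # "Unusual file:// URL patterns"
    host = (parsed.hostname or "").lower()
    if host and _is_loopback_host(host):
        tags.append("loopback_target")        # localhost access attempt
    if tags and entry.get("action", "").startswith("BROWSERTOOL_"):
        tags.append("browsertool_local_access")
    if tags:                                  # "from unexpected sources"
        try:
            if ipaddress.ip_address(entry.get("client", "")) not in EXPECTED_CLIENT_NET:
                tags.append("unexpected_source")
        except ValueError:
            tags.append("unexpected_source")  # unparseable client is suspicious too
    return tags


def scan_log(text: str, source: str = "composio_logs", repeat_threshold: int = 2):
    """Return (alerts, repeat_clients): alerts for tagged entries from `source`,
    and the set of clients with at least `repeat_threshold` tagged entries."""
    alerts = []
    per_client = Counter()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        entry = json.loads(line)
        if entry.get("source") != source:
            continue
        tags = classify(entry)
        if tags:
            alerts.append({"ts": entry.get("ts"), "client": entry.get("client"),
                           "action": entry.get("action"), "url": entry.get("url"),
                           "tags": tags})
            per_client[entry.get("client")] += 1
    repeat_clients = {c for c, n in per_client.items() if n >= repeat_threshold}
    return alerts, repeat_clients


def count_siem_matches(text: str) -> int:
    """Evaluate the page's query literally:
    source="composio_logs" AND (url="file://*" OR action="BROWSERTOOL_*").
    The url wildcard is matched case-insensitively here."""
    hits = 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        e = json.loads(line)
        if e.get("source") == "composio_logs" and (
            e.get("url", "").lower().startswith("file://")
            or e.get("action", "").startswith("BROWSERTOOL_")
        ):
            hits += 1
    return hits


if __name__ == "__main__":
    found, repeats = scan_log(SAMPLE_LOG)
    for a in found:
        print(a["ts"], a["client"], a["action"], a["url"], ",".join(a["tags"]))
    print("clients over threshold:", sorted(repeats))
    print("literal SIEM query matches:", count_siem_matches(SAMPLE_LOG))
```

On the sample, the literal query matches four entries because `action="BROWSERTOOL_*"` fires on every browser action, benign ones included; the classifier flags three, all from the same external client, and reports that client as a repeat offender. In practice the page's query is useful for baselining how often BROWSERTOOL actions run, while alerting is better keyed on the scheme and target-host conditions the classifier applies.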