Bug 1790309 (CVE-2020-1925) - CVE-2020-1925 olingo-odata: Server side request forgery in AsyncResponseWrapperImpl
Summary: CVE-2020-1925 olingo-odata: Server side request forgery in AsyncResponseWrapp...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-1925
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1790310
TreeView+ depends on / blocked
 
Reported: 2020-01-13 05:59 UTC by Pedro Sampaio
Modified: 2021-08-11 19:28 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-08-11 19:28:18 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:3140 0 None None None 2021-08-11 18:22:39 UTC

Description Pedro Sampaio 2020-01-13 05:59:01 UTC
Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker.

Upstream issue:

https://issues.apache.org/jira/browse/OLINGO-1416

References:

https://mail-archives.apache.org/mod_mbox/olingo-user/202001.mbox/%3CCAGSZ4d6HwpF2woOrZJg_d0SkHytXJaCtAWXa3ZtBn33WG0YFvw%40mail.gmail.com%3E

Comment 2 Paramvir jindal 2020-01-16 06:01:06 UTC
This vulnerability is out of security support scope for the following products:

 * Red Hat JBoss Data Virtualization & Services 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

Comment 3 errata-xmlrpc 2021-08-11 18:22:36 UTC
This issue has been addressed in the following products:

  Red Hat Fuse 7.9

Via RHSA-2021:3140 https://access.redhat.com/errata/RHSA-2021:3140

Comment 4 Product Security DevOps Team 2021-08-11 19:28:18 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-1925


Note You need to log in before you can comment on or make changes to this bug.