Serious Netlify Vulnerability Could Allow XSS, SSRF Attacks

A serious security vulnerability existed in the Netlify cloud computing platform that allowed cross-site scripting attacks. Netlify has released a patch for the flaw with version 1.2.3. Users should update their systems to the latest release to receive the fix.

Netlify Cache Poisoning Vulnerability

Security researcher Sam Curry has elaborated on the severe Netlify vulnerability in a blog post.

As stated, the researcher discovered the vulnerability in the Next.js “netlify-ipx” repository. Exploiting the flaw could allow an adversary to perform cross-site scripting (XSS) and server-side request forgery (SSRF) attacks on the target website.

The vulnerability typically affected websites using Next.js for the relevant Web3 functionality. Popular platforms vulnerable to this issue included Celo, DocuSign, Moonpay, Gemini, and PancakeSwap.

In brief, the researchers found numerous security issues while scanning the platform. The first was an open redirect on the “_next/image” handler, which could let an attacker redirect HTTP responses to arbitrary websites. On OAuth-whitelisted sites, the flaw could even allow an adversary to take over target accounts.

Next, the researchers found XSS and SSRF vulnerabilities on websites that had a whitelisted host in the configuration file and ran the “@netlify/ipx” library. An attacker could exploit the flaw via maliciously crafted SVG files to execute arbitrary JavaScript and write arbitrary HTML.

In addition, the researchers noticed a full XSS and SSRF in the “netlify-ipx” library due to improper handling of the “x-forwarded-proto” header. An attacker could exploit the flaw to create a stored XSS endpoint that executes arbitrary code when loaded.

Curry has shared the details about the vulnerability, CVE-2022-39239, in his post.

Netlify Deployed A Patch

Upon finding the bugs, the researcher reached out to Netlify's developers to inform them of the flaw. In response, the vendor released a detailed advisory on GitHub acknowledging the vulnerability. Alongside describing the issue, the vendor confirmed fixing the flaw with the release of Netlify version 1.2.3.

Besides stating the workarounds, the advisory reads:

The problem is no longer exploitable on Netlify as the CDN now sanitizes the relevant header. Cached content can be cleared by re-deploying the site.
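The advisory's fix, sanitizing the “x-forwarded-proto” header at the CDN before it reaches the image handler, can be illustrated with a small normaliser. The following is an added example written for this article, not code from Netlify or from the netlify-ipx project; it assumes a Node-style request object whose headers are a plain lower-cased map, and the function names are hypothetical. It goes slightly beyond the advisory by also handling the comma-separated multi-hop form of the header.

```javascript
// Added example (not Netlify's or netlify-ipx's code): a strict normaliser for
// the X-Forwarded-Proto header, to be applied at the edge or at the start of a
// request before the value is used to build any URL the server fetches or
// echoes back into a cached response. Function names are hypothetical.

const DEFAULT_PROTO = "https";
const ALLOWED_PROTOS = new Set(["http", "https"]);

// Reduce whatever arrives in X-Forwarded-Proto to exactly "http" or "https".
// Proxies may send a comma-separated list (one entry per hop); only the first
// entry is considered, and anything outside the allowlist is replaced by the
// default instead of being passed through.
function sanitizeForwardedProto(rawValue, fallback = DEFAULT_PROTO) {
  if (typeof rawValue !== "string") return fallback;
  const first = rawValue.split(",")[0].trim().toLowerCase();
  return ALLOWED_PROTOS.has(first) ? first : fallback;
}

// Build the origin an image-optimisation endpoint would use to fetch a
// site-relative source image. `host` is assumed to be checked against the
// site's host allowlist elsewhere; only the scheme is derived from the header.
function buildSelfOrigin(headers, host) {
  const proto = sanitizeForwardedProto(headers["x-forwarded-proto"]);
  return `${proto}://${host}`;
}

// Middleware-style step: rewrite the header so downstream handlers, and any
// cache keyed on the resulting response, only ever see a clean value.
function normalizeForwardedProtoHeader(headers) {
  const clean = sanitizeForwardedProto(headers["x-forwarded-proto"]);
  return { ...headers, "x-forwarded-proto": clean };
}

// Constructed sample headers, as a CDN edge might forward them (not captured
// from any real deployment).
const SAMPLE_HEADERS = {
  host: "example.netlify.app",
  "x-forwarded-proto": "https, http",
};

// Usage: buildSelfOrigin(SAMPLE_HEADERS, SAMPLE_HEADERS.host)
// returns "https://example.netlify.app"
```

A value that is not exactly "http" or "https" never reaches the URL builder, which is the property the CDN-side sanitisation described in the advisory restores.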
