pingora request smuggling and cache poisoning #2322
Conversation
Pingora has a request smuggling and cache poisoning vulnerability affecting versions 0.5.0 and older, as documented here: https://blog.cloudflare.com/resolving-a-request-smuggling-vulnerability-in-pingora/
|
None of the categories appear to quite fit this vuln. Could I get some input from a maintainer on if leaving that blank is the correct move, or if one of the categories might encompass this vulnerability? |
|
I think privilege escalation comes closest probably? This does allow an attacker to do things that they normally should not be able to do? |
|
Also probably good to clean out the comments and give it a correct CVSS? |
I can't really calculate a useful score here. It's very dependent on how you are using the framework and what you are doing. Though I suppose this criticism of CVSS scores can be made it 90% of cases. I can clean out the comments though! |
Maybe? I can construct scenarios where this could be used to bypass ACLs I suppose. |
|
But also, the wording of "privilege escalation" seems too focused for what you can do here. |
|
And actually, I'm not sure now that I think about it that you could really use this to bypass ACLs on any realistic configuration. |
|
Actually, since there is a CVE now I will link that and use the existing score. |
|
Nevermind, I don't know if that one is finalized, leaving commented for now |
|
@djc I've added the CVE now that it's live and also added the CVSS |
|
@djc I only have a CVSS 4.0, which is unsupported. I'm going to drop it as it's in the linked CVE. |
|
I'm good with merging this now. |
Pingora has a request smuggling and cache poisoning vulnerability affecting versions 0.5.0 and older, as documented here: https://blog.cloudflare.com/resolving-a-request-smuggling-vulnerability-in-pingora/