Vulnerabilities > CVE-2023-50259 - Server-Side Request Forgery (SSRF) vulnerability in Pymedusa Medusa
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testslack` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `slack_webhook` variable and passes it to the `notifiers.slack_notifier.test_notify` method, then `_notify_slack` and finally `_send_slack` method, which sends a POST request to the user-controlled URL on line 103 in `/medusa/notifiers/slack.py`, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/pymedusa/Medusa/security/advisories/GHSA-8mcr-vffr-jwxv
- https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/notifiers/slack.py#L103
- https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/server/web/home/handler.py#L168
- https://github.com/pymedusa/Medusa/releases/tag/v1.0.19
- https://securitylab.github.com/advisories/GHSL-2023-201_GHSL-2023-202_Medusa/