Server-side Request Forgery (SSRF)
Synopsis
A vulnerability has been found in git that can also be triggered through the Kallithea UI. An attacker could make Kallithea execute a 'git clone' with a specially crafted URL, which allows them to send arbitrary packets into the local network reachable from the server.
Description
Please find more details on the reporter's website [2].
Thanks to stypr of Flatt Security for reporting this vulnerability.
Resolution / Affected versions
While the issue is actually in the git client, a mitigation has been added to Kallithea release 0.6.3. Users are advised to upgrade as soon as possible.

To our knowledge, no git version with a fix of the root cause has been released.
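To illustrate the kind of server-side check a mitigation of this class involves, the following is an added example in Python (the language Kallithea is written in). It is not Kallithea's code and does not describe the change in the changeset referenced below; the function validate_clone_url, its resolver hook, and the sample addresses are assumptions constructed for this example. The check only accepts http(s) clone URLs, rejects URLs that could be read by git as command-line options or that carry control characters or embedded credentials, and refuses destinations that resolve to loopback, private, link-local or otherwise non-public addresses before anything is handed to 'git clone'.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Only plain web transports are accepted; ssh://, git://, file:// and
# scp-style "host:path" remotes are refused outright.
ALLOWED_SCHEMES = {"http", "https"}


def _resolve_host(host):
    """Default resolver: all IP addresses a hostname currently resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_disallowed_address(ip):
    """True for any address that is not a public, globally routable host."""
    return (
        ip.is_loopback
        or ip.is_private
        or ip.is_link_local
        or ip.is_multicast
        or ip.is_reserved
        or ip.is_unspecified
    )


def validate_clone_url(url, resolver=_resolve_host):
    """Return (ok, reason) for a user-supplied remote URL.

    `resolver` is a hook so the check can be exercised without DNS;
    production code keeps the default.
    """
    if url.startswith("-"):
        return False, "URL would be parsed by git as a command-line option"
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        return False, "URL contains whitespace or control characters"
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for a non-numeric port
    except ValueError:
        return False, "URL could not be parsed"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme %r is not allowed" % parts.scheme
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    host = parts.hostname  # brackets stripped, lower-cased by urlsplit
    if not host:
        return False, "URL has no host"

    # Literal IP addresses are checked directly; hostnames are resolved
    # and every address they map to must be acceptable.
    try:
        addresses = {str(ipaddress.ip_address(host))}
    except ValueError:
        try:
            addresses = resolver(host)
        except OSError:
            return False, "hostname does not resolve"
        if not addresses:
            return False, "hostname does not resolve"
    for addr in addresses:
        if is_disallowed_address(ipaddress.ip_address(addr)):
            return False, "destination %s is not a public address" % addr
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs; 93.184.216.34 stands in for a public host.
    public = lambda host: {"93.184.216.34"}
    for candidate in (
        "https://example.com/repo.git",
        "http://127.0.0.1:8080/repo",
        "http://[::1]/repo",
        "file:///etc/passwd",
        "--upload-pack=something",
    ):
        print(candidate, "->", validate_clone_url(candidate, resolver=public))
```

The resolution-time check has a known limit: git resolves the hostname again when it connects, so a name that changes its answer between the two lookups (DNS rebinding) can still reach an internal address. Running the clone in a network namespace or behind an egress proxy that enforces the same address policy closes that gap.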
References
[1] Mercurial changeset fixing the issue: https://kallithea-scm.org/repos/kallithea/changeset/a8a51a3bdb6181e498a862f84eb2d50928330a68
[2] Blog post by the reporter (stypr): https://blog.harold.kim/2020/11/invalid-url-on-git-clone-leading-to-ssrf