CVE-2024-53275
GHSL-2024-091: DNS rebinding attack in home-gallery
En resumen
Home-Gallery es vulnerable a ataques de rebinding DNS cuando se configura sin TLS y autenticación (configuración por defecto). Un atacante puede engañar a un usuario para que visite un sitio malicioso que lo redirige a la instancia Home-Gallery local de la víctima para robar fotos sin permiso.
Detalle técnico
Vulnerabilidad de rebinding DNS en Home-Gallery 1.15.0 y anteriores explota la falta predeterminada de TLS y autenticación. El atacante manipula registros DNS para redirigir solicitudes desde su dominio a la dirección IP interna de Home-Gallery de la víctima, extrayendo datos de fotos mediante la API sin autenticar. El ataque requiere interacción del usuario (visitar el sitio del atacante) pero elude protecciones de same-origin policy.
Resumen generado y traducido por IA a partir de la descripción oficial.
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, the default setup of home-gallery is vulnerable to DNS rebinding. Home-gallery is set up without TLS and user authentication by default, leaving it vulnerable to DNS rebinding. In this attack, an attacker will ask a user to visit their website. The attacker website will then change the DNS records of their domain from their IP address to the internal IP address of the home-gallery instance. To tell which IP addresses are valid, we can rebind a subdomain to each IP address we want to check, and see if there is a response. Once potential candidates have been found, the attacker can launch the attack by reading the response of the web server after the IP address has changed. When the attacker domain is fetched, the response will be from the home-gallery instance, not the attacker website, because the IP address has been changed. Due to a lack of authentication, home-gallery photos can then be extracted by the attacker website.
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N