CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
SERVER_SIDE_FIDES_API_URL
is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port.
This vulnerability allows an unauthenticated attacker to make a HTTP GET request from the Privacy Center that discloses the value of this server-side URL.
Disclosure of server-side configuration giving an attacker information on server-side ports, private IP addresses, and/or private domain names.
The vulnerability has been patched in Fides version 2.39.2
. Users are advised to upgrade to this version or later to secure their systems against this threat.
There are no workarounds.
Set the value of the environment variable FIDES_PRIVACY_CENTER__SERVER_SIDE_FIDES_API_URL
of your Fides Privacy Center container before start-up to a private value such as https://some.private.domain.name/api/v1
and start the Privacy Center application.
Once the application is up, perform a HTTP GET request of the Privacy Center’s main page e.g. https://privacy.example.com
. The value of SERVER_SIDE_FIDES_API_URL
is returned in the response’s body.
~ ❯ curl -s https://privacy.example.com/ | \
grep '__NEXT_DATA__' | \
sed 's/.*<script id="__NEXT_DATA__" type="application\/json">//;s/<\/script>.*//' | \
jq '.props.serverEnvironment.settings.SERVER_SIDE_FIDES_API_URL'
"https://some.private.domain.name/api/v1"