PT-2022-16930 · Unknown · Flyteconsole

Ehsandeep · Published 2022-05-17 · Updated 2022-05-27 · CVE-2022-24856

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: FlyteConsole versions prior to 0.52.0

Description: The issue is a server-side request forgery (SSRF) reachable when FlyteConsole is exposed to the public internet. An attacker can use the console's CORS proxy to reach internal metadata servers or other unauthenticated internal URLs, and request headers forwarded by the proxy may be disclosed to unauthorized parties.

Recommendations: For FlyteConsole versions prior to 0.52.0, update to version 0.52.0, which removes the CORS proxy entirely because the console no longer needs it. As a temporary workaround, do not expose FlyteConsole to the internet, which limits who can reach the proxy.

Exploit · Fix · SSRF


Weakness Enumeration

Related Identifiers: CVE-2022-24856, GHSA-WWW6-HF2V-V9M9

Affected Products: Flyteconsole