PT-2023-33073 · Unknown · Presto Jdbc

Published: 2023-10-03 · Updated: 2023-10-03

CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Presto JDBC (affected versions not specified)

Description: Presto JDBC is vulnerable to Server-Side Request Forgery (SSRF) when connecting to a remote Presto server. An attacker who controls the server can return a redirect response that the Presto JDBC client follows, allowing them to read sensitive information from internal servers or perform a local port scan. The client uses OkHttp to send POST /v1/statement and GET /v1/info requests to the remote Presto server; OkHttp follows 301 and 302 redirects by default, and the JDBC code itself manually follows 307 and 308 redirects. If a malicious server returns a 30x redirect, the JDBC client follows it and the request is issued from the client's network position, causing SSRF. If the client reports the error directly to the user, the response body of the internal server is leaked as well.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling redirect following by default and adding a JDBC parameter such as allowRedirect to control the redirect behavior. Additionally, consider modifying the JDBC source code to take only the path of nextUri instead of the complete URL, or adding a JDBC parameter to control this behavior.
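The two workarounds above can be seen side by side in the following client sketch. This is an added illustration written for this advisory, not Presto JDBC's own code, and it assumes the OkHttp 3.x API; the class name SafeStatementClient, the allowRedirect constructor flag, the resolveNextUri helper and the server URL are all constructed for the example.

```java
import java.io.IOException;
import java.util.concurrent.TimeUnit;

import okhttp3.HttpUrl;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;

/**
 * Illustrative hardened statement client (not Presto JDBC's own code).
 * Shows the two mitigations the advisory recommends:
 *   1. OkHttp is built with redirect following disabled, so a 301/302 from the
 *      server is returned to the caller instead of being followed;
 *   2. a server-supplied nextUri is re-rooted onto the scheme/host/port the
 *      connection was opened against, so only its path and query are trusted.
 */
public final class SafeStatementClient {

    private static final MediaType TEXT_PLAIN = MediaType.get("text/plain; charset=utf-8");

    private final OkHttpClient http;
    private final HttpUrl server;        // the URL the user configured, e.g. https://presto.example.internal:8443 (constructed)
    private final boolean allowRedirect; // plays the role of the JDBC parameter the advisory suggests

    public SafeStatementClient(HttpUrl server, boolean allowRedirect) {
        this.server = server;
        this.allowRedirect = allowRedirect;
        this.http = new OkHttpClient.Builder()
                // secure default: callers must opt in to redirect following
                .followRedirects(allowRedirect)
                .followSslRedirects(allowRedirect)
                .callTimeout(30, TimeUnit.SECONDS)
                .build();
    }

    /** Rebuild nextUri so that only its path and query survive; host/port come from the configured server. */
    HttpUrl resolveNextUri(String nextUri) {
        HttpUrl candidate = HttpUrl.parse(nextUri);
        if (candidate == null) {
            throw new IllegalArgumentException("nextUri is not a valid http(s) URL: " + nextUri);
        }
        HttpUrl.Builder b = server.newBuilder()
                .encodedPath(candidate.encodedPath());
        b.encodedQuery(candidate.encodedQuery()); // null simply clears the query
        return b.build();
    }

    /** POST /v1/statement; any 3xx response is surfaced as an error instead of being followed. */
    public Response submit(String sql) throws IOException {
        Request req = new Request.Builder()
                .url(server.newBuilder().encodedPath("/v1/statement").build())
                .post(RequestBody.create(TEXT_PLAIN, sql))
                .build();
        Response resp = http.newCall(req).execute();
        // isRedirect() covers 301/302 as well as the 307/308 cases the JDBC code used to follow by hand
        if (!allowRedirect && resp.isRedirect()) {
            String location = resp.header("Location");
            resp.close();
            throw new IOException("server attempted redirect to " + location + "; refusing to follow");
        }
        return resp;
    }

    public static void main(String[] args) {
        SafeStatementClient c = new SafeStatementClient(HttpUrl.get("https://presto.example.internal:8443"), false);
        // A nextUri pointing at an internal host is re-rooted onto the configured server.
        System.out.println(c.resolveNextUri("http://10.0.0.5:8080/v1/statement/abc/1?x=1"));
        // prints https://presto.example.internal:8443/v1/statement/abc/1?x=1
    }
}
```

Two details matter for the check in submit(): the redirect response body is closed without being surfaced, so nothing fetched from an internal host can reach the user's error message, and resolveNextUri discards the candidate's scheme, host and port entirely rather than comparing them, which avoids the usual host-matching pitfalls (userinfo tricks, trailing dots, IPv6 literals).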

SSRF

Weakness Enumeration

Related Identifiers: GHSA-XM7X-F3W2-4HJM

Affected Products: Okhttp, Presto Jdbc