Got Follows Redirects to Unix Sockets
We discussed this vulnerability during Episode 157 on 10 October 2022
The title says pretty much all that you need to know, the got
HTTP request library for Node will follow redirects to a Unix socket. So an attacker who can invoke a request (SSRF) to a server they control could redirect that request back towards a unix socket on the local machine. The actual damage you could do with this would vary depending on what is available on the target server, but services running with a unix socket tend to be more privileged, like the docker management service is often exposed at unix:/var/run/docker.sock
.
An attacker would already need some sort of SSRF issue to abuse this, but the idea of targeting unix sockets is not something I’ve considered before.