Summary
A Server-Side Request Forgery (SSRF) vulnerability exists in the Prowler API Lighthouse Provider configuration. An authenticated attacker can abuse the openai_compatible provider type to supply a malicious base_url, causing the Prowler backend to issue outbound HTTP requests to attacker-controlled or internal network endpoints. During this process, sensitive API credentials provided by legitimate users are transmitted in the Authorization header, leading to credential theft, internal network reconnaissance, and potential cloud metadata exposure.
Details
The vulnerability resides in the Lighthouse Provider configuration feature of the Prowler API. When configuring a provider with the openai_compatible type, the application accepts a user-supplied base_url parameter without any validation, sanitization, or allowlisting.
Affected endpoints:
- POST /api/v1/lighthouse/providers
- POST /api/v1/lighthouse/providers/{id}/connection
Vulnerable parameter:
- base_url (within provider configuration)
Vulnerable code location:
- File: api/src/backend/tasks/jobs/lighthouse_providers.py
- Lines: 293–297
client = openai.OpenAI(
api_key=params["api_key"],
base_url=params["base_url"], # User-controlled input - NO VALIDATION
)
_ = client.models.list() # Triggers HTTP GET to {base_url}/models
Prerequisites:
- Valid authenticated user session (JWT token or API key)
- Access to Lighthouse provider configuration functionality
PoC
- Log in to the Prowler UI with valid credentials.
- Navigate to Settings → Lighthouse Providers.
- Click Add Provider and select OpenAI Compatible.
- Use the following values:
- Provider Type: openai_compatible
- Base URL: https:///v1
- API Key: TestSecretKey123
- Save the configuration or click Test Connection.
- Observe the incoming request on the attacker-controlled server.
Example request:
GET /v1/models HTTP/1.1
Authorization: Bearer TestSecretKey123
Impact
- Credential theft of LLM API keys
- Internal network reconnaissance
- Potential cloud metadata exposure
- Abuse of trusted internal APIs
This vulnerability can lead to financial loss, data exposure, and compromise of cloud infrastructure.
Summary
A Server-Side Request Forgery (SSRF) vulnerability exists in the Prowler API Lighthouse Provider configuration. An authenticated attacker can abuse the
openai_compatibleprovider type to supply a maliciousbase_url, causing the Prowler backend to issue outbound HTTP requests to attacker-controlled or internal network endpoints. During this process, sensitive API credentials provided by legitimate users are transmitted in theAuthorizationheader, leading to credential theft, internal network reconnaissance, and potential cloud metadata exposure.Details
The vulnerability resides in the Lighthouse Provider configuration feature of the Prowler API. When configuring a provider with the
openai_compatibletype, the application accepts a user-suppliedbase_urlparameter without any validation, sanitization, or allowlisting.Affected endpoints:
Vulnerable parameter:
Vulnerable code location:
Prerequisites:
PoC
Example request:
Impact
This vulnerability can lead to financial loss, data exposure, and compromise of cloud infrastructure.