Skip to content

Server-Side Request Forgery (SSRF) in Lighthouse Provider

High
jfagoagas published GHSA-fhj4-q47f-w7mv Jul 10, 2026

Package

Prowler API (Docker Image)

Affected versions

<=5.33.0

Patched versions

5.33.1

Description

Summary

A Server-Side Request Forgery (SSRF) vulnerability exists in the Prowler API Lighthouse Provider configuration. An authenticated attacker can abuse the openai_compatible provider type to supply a malicious base_url, causing the Prowler backend to issue outbound HTTP requests to attacker-controlled or internal network endpoints. During this process, sensitive API credentials provided by legitimate users are transmitted in the Authorization header, leading to credential theft, internal network reconnaissance, and potential cloud metadata exposure.

Details

The vulnerability resides in the Lighthouse Provider configuration feature of the Prowler API. When configuring a provider with the openai_compatible type, the application accepts a user-supplied base_url parameter without any validation, sanitization, or allowlisting.

Affected endpoints:

  • POST /api/v1/lighthouse/providers
  • POST /api/v1/lighthouse/providers/{id}/connection

Vulnerable parameter:

  • base_url (within provider configuration)

Vulnerable code location:

  • File: api/src/backend/tasks/jobs/lighthouse_providers.py
  • Lines: 293–297
client = openai.OpenAI(
    api_key=params["api_key"],
    base_url=params["base_url"],  # User-controlled input - NO VALIDATION
)
_ = client.models.list()  # Triggers HTTP GET to {base_url}/models

Prerequisites:

  • Valid authenticated user session (JWT token or API key)
  • Access to Lighthouse provider configuration functionality

PoC

  1. Log in to the Prowler UI with valid credentials.
  2. Navigate to Settings → Lighthouse Providers.
  3. Click Add Provider and select OpenAI Compatible.
  4. Use the following values:
    • Provider Type: openai_compatible
    • Base URL: https:///v1
    • API Key: TestSecretKey123
  5. Save the configuration or click Test Connection.
  6. Observe the incoming request on the attacker-controlled server.

Example request:

GET /v1/models HTTP/1.1
Authorization: Bearer TestSecretKey123

Impact

  • Credential theft of LLM API keys
  • Internal network reconnaissance
  • Potential cloud metadata exposure
  • Abuse of trusted internal APIs

This vulnerability can lead to financial loss, data exposure, and compromise of cloud infrastructure.

Screenshot 2026-02-01 at 2 40 23 PM Screenshot 2026-02-01 at 1 57 51 PM

Severity

High

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
High
User interaction
None
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
None

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N

CVE ID

No known CVE

Weaknesses

No CWEs

Credits