CVE-2022-1711 Scanner

CVE-2022-1711 Scanner - Server Side Request Forgery (SSRF) vulnerability in draw.io

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 9 days 18 hours
Scan only one: URL
Toolbox: -

draw.io (also known as diagrams.net) is an open-source diagramming tool used to create flowcharts, process diagrams, and various other graphical representations. It is widely used for its ease of integration with platforms like Google Drive, Confluence, and other productivity software. The tool allows users to design complex diagrams collaboratively in real time, making it a popular choice for both individuals and teams. Being an open-source project, it has a wide user base and is regularly updated with new features and improvements. draw.io supports multiple formats for saving and sharing diagrams, and it offers both online and offline modes for diagram creation. As a versatile tool, it is often used in business, education, and technical environments to visualize complex systems and processes.

The vulnerability in draw.io, identified as Server Side Request Forgery (SSRF), exists in the ProxyServlet component. It occurs because the application does not properly validate the destination URL passed to its proxy endpoint, so the server can be made to issue requests on an attacker's behalf to internal services or to external servers that it can reach, sidestepping whatever URL restrictions were intended. SSRF vulnerabilities give attackers a path to internal resources that would otherwise be unreachable from the outside; requests relayed through the server can expose data, which may lead to data exfiltration or service disruption.

The SSRF vulnerability is triggered when an attacker sends a crafted request to the 'proxy' endpoint with an arbitrary URL, such as 'http://{{interactsh-url}}' (the placeholder stands for an out-of-band callback host, which lets the scanner confirm that the server really made the outbound request). Because the application fails to validate the URL, the request is forwarded to whichever internal or external destination the URL names. This lets the attacker probe internal services, read data that should not be reachable, or interact with other systems that were never meant to be exposed. The issue is particularly dangerous because it can be exploited without authentication, so affected instances can be targeted remotely.
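The defect described above is a proxy endpoint that accepts any destination URL. The following added example (written for this page, not draw.io's ProxyServlet code) contrasts a hypothetical scheme-only check with a hardened destination check that resolves the hostname and rejects any answer in a private, loopback, link-local or otherwise non-public range; the `SAMPLE_DNS` table is a constructed stand-in for DNS so the code runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Constructed lookup table standing in for DNS so the example runs offline.
SAMPLE_DNS = {
    "public.example": {"93.184.216.34"},
    "internal.example": {"10.0.0.5"},
    "mixed.example": {"93.184.216.34", "10.0.0.5"},
}

def sample_resolve(host):
    """Offline resolver over SAMPLE_DNS; unknown names fail like getaddrinfo."""
    if host not in SAMPLE_DNS:
        raise OSError(f"cannot resolve {host}")
    return SAMPLE_DNS[host]

def live_resolve(host):
    """Real resolver: every address the name currently maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def _is_public(addr):
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 rules apply to it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def weak_check(url):
    """Hypothetical scheme-only check: the shape of gap the CVE describes."""
    return urlsplit(url).scheme in ALLOWED_SCHEMES

def proxy_target_allowed(url, resolve=live_resolve):
    """True only if url is http(s) and every address it maps to is public."""
    parts = urlsplit(url)
    host = parts.hostname  # strips userinfo, port and IPv6 brackets
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return False
    try:
        ipaddress.ip_address(host)
        addrs = {host}  # literal address: judge it directly
    except ValueError:
        try:
            addrs = resolve(host)  # name (or odd encoding): judge its answers
        except OSError:
            return False
    # One internal answer is enough to reject (mixed or rebinding answers).
    return bool(addrs) and all(_is_public(a) for a in addrs)
```

In a real proxy the check must also be applied to every redirect hop, and the connection should be made to the address that was validated rather than resolving the name a second time.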

Exploiting this SSRF vulnerability can lead to serious security risks, including unauthorized access to internal services or data. Attackers may use the flaw to probe sensitive systems and retrieve information, exposing internal resources that were never meant to be reachable. The server-side requests could also trigger internal system calls that open the way to further exploitation; in some cases attackers may be able to execute commands or reach databases or authentication systems. The outcome can be data leakage, system compromise, or service disruption, which makes this a critical issue for any organization running an affected version of draw.io.
