Horizon Alert
Summary of the vulnerability and why it matters
A Server-Side Request Forgery vulnerability has been identified in the Print Format functionality of ERPNext and Frappe Framework. This issue allows attackers to manipulate the PDF generation process to make the server request external resources, potentially exposing sensitive internal information.
- Server forced to fetch unwanted external data.
- Remember: unintended server requests can leak secrets.
- Confirm if our ERPNext or Frappe is exposed.
Attack Path
How an attacker could exploit the issue
An attacker can exploit this vulnerability by submitting crafted HTML content to the Print Format functionality, which is insufficiently sanitized. The application then renders this HTML into a PDF, causing the server to fetch resources referenced in the HTML, such as from an `<iframe>` tag. This allows an attacker to direct the server to make requests to internal network resources or cloud metadata endpoints, potentially exposing sensitive information.
- Entry Condition: No authentication or special privileges are required.
- Trigger Point: User-supplied HTML in Print Format.
- Resulting Risk: Sensitive information disclosure via SSRF.
Live Threat
Current exploitation, exposure, and threat context
This vulnerability could allow an unauthenticated attacker to trick the ERPNext server into accessing internal network resources or cloud metadata endpoints. When generating PDFs from attacker-controlled HTML, the server fetches external resources, potentially exposing sensitive system or cloud configuration data.
- Internal network resources.
- Server fetches external resources.
- Sensitive information disclosure.
Operational Fix
Recommended remediation, mitigation, and detection steps
The Print Format functionality in ERPNext and Frappe Framework, vulnerable to SSRF, necessitates action from teams managing these applications. Initial steps should focus on asset discovery to identify all instances, followed by an assessment of their reachability and business criticality. Once accountable owners are identified, remediation plans can be developed based on the assessed risk.
- Application owners should lead remediation.
- Verify SSRF exposure and impact first.
- Plan vendor coordination and patching.