Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-37788
CVE-2023-37788:
Grafana vulnerability analysis and mitigation
Overview
A vulnerability was discovered in goproxy v1.1 that could lead to a Denial of Service (DoS) condition. The vulnerability was assigned CVE-2023-37788 and was reported on July 10, 2023. The issue affects the goproxy software when running in MITM (Man in the Middle) mode (GitHub Issue).
Technical details
The vulnerability is triggered when a HTTP request to an HTTPS page replaces the path '/' with an asterisk '*' character, causing the goproxy server to crash in MITM mode. The issue manifests as a runtime error with an invalid memory address or nil pointer dereference, resulting in a segmentation violation. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (NVD).
Impact
When successfully exploited, this vulnerability can cause a denial of service condition by crashing the goproxy server. The impact is particularly significant when the server is running in MITM mode, affecting the availability of proxy services (GitHub Issue).
Additional resources
Source: This report was generated using AI
Related Grafana vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management