CVE-2022-29180: CWE-918: Server-Side Request Forgery (SSRF) in charmbracelet charm
A vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. This has been patched and is available in release [v0.12.1](https://github.com/charmbracelet/charm/releases/tag/v0.12.1). We recommend that all users running self-hosted `charm` instances update immediately. This vulnerability was found in-house and we haven't been notified of any potential exploiters.

### Additional notes

* Encrypted user data uploaded to the Charm server is safe as Charm servers cannot decrypt user data. This includes filenames, paths, and all key-value data.
* Users running the official Charm [Docker images](https://github.com/charmbracelet/charm/blob/main/docker.md) are at minimal risk because the exploit is limited to the containerized filesystem.
AI Analysis
Technical Summary
CVE-2022-29180 is a Server-Side Request Forgery (SSRF) vulnerability identified in the 'charm' application developed by charmbracelet, affecting versions from 0.9.0 up to but not including 0.12.1. SSRF vulnerabilities allow attackers to induce the server-side application to make HTTP requests to arbitrary domains or internal resources, potentially bypassing network restrictions and accessing sensitive internal systems. In this specific case, the vulnerability enables an attacker to forge HTTP requests that manipulate the 'charm' data directory, which could lead to unauthorized access or deletion of files on the server hosting the application. This manipulation of the data directory could compromise the integrity and availability of server data. However, encrypted user data stored on the Charm server remains protected, as the server cannot decrypt user data including filenames, paths, and key-value pairs, mitigating confidentiality risks related to user data. Additionally, users deploying Charm via the official Docker images face minimal risk because the exploit is constrained to the containerized filesystem, limiting the attack surface and potential damage. The vulnerability was discovered internally by the vendor and has been patched in version 0.12.1. No known exploits have been reported in the wild to date. The vulnerability is categorized under CWE-918, which relates to SSRF issues where an attacker can abuse functionality to make requests from the server to unintended locations. The patch addresses the issue by correcting how HTTP requests are handled and restricting unauthorized manipulation of the data directory. Given the nature of SSRF and the ability to manipulate server-side files, this vulnerability poses a moderate risk to affected deployments, especially self-hosted instances that are not containerized or otherwise sandboxed.
Potential Impact
For European organizations using self-hosted instances of the 'charm' application within the affected version range, this vulnerability could lead to unauthorized access and deletion of server files, impacting data integrity and availability. While user data confidentiality is preserved due to encryption, the ability to delete or alter files could disrupt business operations, cause data loss, or require costly recovery efforts. Organizations relying on Charm for note-taking or knowledge management may face operational downtime or data inconsistency. The risk is higher for deployments on bare-metal or virtualized servers without container isolation, as the exploit can directly affect the host filesystem. Since no authentication or user interaction requirements are specified, if the application is exposed to untrusted networks, the attack surface increases. However, the absence of known active exploitation reduces immediate risk. European organizations with strict data protection regulations (e.g., GDPR) must consider the operational impact and potential compliance issues arising from data availability disruptions. The impact is mitigated for those using official Docker images or updated versions, but legacy deployments remain vulnerable. Overall, the threat could affect sectors where Charm is used internally, including SMEs and tech companies, especially those with less mature patch management processes.
Mitigation Recommendations
1. Immediate upgrade to charm version 0.12.1 or later to apply the official patch addressing the SSRF vulnerability.
2. For organizations using self-hosted Charm instances, especially outside containerized environments, implement strict network segmentation and firewall rules to limit inbound access to the Charm server, reducing exposure to untrusted networks.
3. Deploy Charm within containerized or sandboxed environments (e.g., Docker) to contain potential filesystem manipulations and limit the scope of any exploitation.
4. Regularly audit and monitor file system integrity and access logs on servers running Charm to detect unusual file access or deletion activities.
5. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious SSRF-like HTTP request patterns targeting the Charm server.
6. Enforce least privilege principles on the Charm server's filesystem permissions to minimize the impact of any unauthorized file operations.
7. Conduct internal vulnerability scans and penetration tests focusing on SSRF vectors in self-hosted applications to proactively identify similar weaknesses.
8. Maintain an up-to-date inventory of all Charm deployments across the organization to ensure timely patching and risk assessment.
9. Educate system administrators about the risks of SSRF and the importance of applying vendor patches promptly.
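The advisory's core risk is a request that reaches files outside the server's data directory. The following Go function is an added illustration of the defensive pattern a self-hosted server should apply before any read or delete: map the client-supplied path onto the configured data directory and refuse anything that resolves outside it (or to the root itself). It is not charm's code and not a description of the actual fix in v0.12.1; the function name `ResolveInDataDir`, the sample root `/srv/charm/data`, and the constructed request paths are all assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideDataDir is returned when a client-supplied path would escape the
// data directory or name the data directory itself.
var ErrOutsideDataDir = errors.New("requested path escapes the data directory")

// ResolveInDataDir maps an untrusted relative path (taken from an HTTP request)
// onto the server's configured data directory. It returns the absolute path to
// operate on, or ErrOutsideDataDir if the request would leave the root.
// Hypothetical helper for this example; not part of charm.
func ResolveInDataDir(dataDir, userPath string) (string, error) {
	root, err := filepath.Abs(filepath.Clean(dataDir))
	if err != nil {
		return "", err
	}
	// Clients may only name files relative to the root: reject absolute paths
	// outright (the "/" check also covers rooted paths on non-Unix platforms).
	if filepath.IsAbs(userPath) || strings.HasPrefix(userPath, "/") {
		return "", ErrOutsideDataDir
	}
	// Join cleans the result, collapsing "." and ".." segments so that the
	// relative check below sees the real target rather than the raw string.
	full := filepath.Join(root, userPath)
	rel, err := filepath.Rel(root, full)
	if err != nil {
		return "", ErrOutsideDataDir
	}
	// rel == "." means the request resolved to the data directory itself; a
	// delete there would remove every user's data, so it is refused as well.
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideDataDir
	}
	return full, nil
}

func main() {
	root := "/srv/charm/data" // constructed sample root for the demo
	// Constructed request paths: the first two are legitimate, the rest escape.
	requests := []string{
		"notes/todo.txt",
		"notes/../todo.txt",
		"../etc/passwd",
		"notes/../../../etc/shadow",
		"/etc/passwd",
		"",
	}
	for _, r := range requests {
		p, err := ResolveInDataDir(root, r)
		if err != nil {
			fmt.Printf("%-28q -> REJECTED (%v)\n", r, err)
			continue
		}
		fmt.Printf("%-28q -> %s\n", r, p)
	}
}
```

The check is purely lexical, which is enough to stop `..` traversal in a request path. If the data directory can contain symlinks (for example because users can create them through another endpoint), resolve the final path with `filepath.EvalSymlinks` and repeat the containment check on the result before acting on it.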
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Belgium, Ireland, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2022-04-13T00:00:00.000Z
- Cisa Enriched: true
Threat ID: 682d9843c4522896dcbf2f63
Added to database: 5/21/2025, 9:09:23 AM
Last enriched: 6/23/2025, 8:35:49 AM
Last updated: 8/4/2025, 7:08:57 PM