
CVE-2022-29188: CWE-918: Server-Side Request Forgery (SSRF) in stripe smokescreen

Severity: Medium
Published: Fri May 20 2022 (05/20/2022, 23:50:10 UTC)
Source: CVE
Vendor/Project: stripe
Product: smokescreen

Description

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional (e.g., external) URLs by way of a deny list. There was an issue in Smokescreen that made it possible to bypass the deny list feature by surrounding the hostname with square brackets (e.g. `[example.com]`). This only impacted the HTTP proxy functionality of Smokescreen. HTTPS requests were not impacted. Smokescreen version 0.0.4 contains a patch for this issue.

AI-Powered Analysis

Last updated: 06/23/2025, 08:22:17 UTC

Technical Analysis

CVE-2022-29188 is a Server-Side Request Forgery (SSRF) vulnerability in the Stripe Smokescreen HTTP proxy affecting versions prior to 0.0.4. Smokescreen is designed to mitigate SSRF by acting as an egress proxy that restricts outbound HTTP requests from applications, so that an attacker who can influence a URL the application fetches cannot use it to reach or scan internal infrastructure. It also offers a deny list for blocking additional (for example, external) destinations. The vulnerability is an input validation flaw: the deny list check could be bypassed by enclosing the hostname in square brackets (e.g., `[example.com]`), so a bracketed form of a denied hostname was not matched against the list and the request was proxied. Only the HTTP proxy functionality is affected; HTTPS requests are not. The issue is classified as CWE-918 (SSRF), in which an attacker induces a server to make unintended requests. Exploitation requires that the target application route attacker-controlled URLs through a vulnerable Smokescreen HTTP proxy; no authentication or user interaction beyond supplying a crafted URL is needed. A successful bypass could let an attacker reach internal or otherwise restricted network resources, potentially exposing sensitive data or enabling further attacks inside the network, although the unaffected HTTPS path limits the attack surface. The flaw was patched in Smokescreen version 0.0.4, and no exploitation in the wild has been reported. Overall this is a medium-severity SSRF risk: it bypasses an access control and can reach internal systems, but with limited scope and no known active exploitation.

Potential Impact

For European organizations, the impact depends largely on whether the Stripe Smokescreen HTTP proxy is deployed in their infrastructure. Organizations running Smokescreen versions prior to 0.0.4 for HTTP proxying are exposed to SSRF attacks that could reach internal network resources, potentially leading to unauthorized data access, internal reconnaissance, or pivoting to other systems. This threatens the confidentiality and integrity of sensitive data, particularly in sectors with critical internal services such as finance, healthcare, and government. HTTPS proxying is not affected, which narrows the attack vector. However, where internal applications rely on HTTP proxying through Smokescreen and depend on its deny list for protection, this bypass undermines that control. Given the medium severity and the absence of known exploits, the immediate risk is moderate, but organizations with sensitive internal networks should prioritize remediation. The impact is greatest where network segmentation and access control lean heavily on Smokescreen's deny list enforcement, and organizations that indirectly expose internal services through applications using Smokescreen face a higher risk of lateral movement or data leakage if the flaw is exploited.

Mitigation Recommendations

European organizations should take the following specific mitigation steps:

1) Identify all instances of Stripe Smokescreen in the environment, focusing on versions prior to 0.0.4 used for HTTP proxying.
2) Upgrade Smokescreen to version 0.0.4 or later to apply the patch for the deny list bypass.
3) Review and audit deny list configurations to confirm they are enforced as intended, and add validation or normalization of hostnames so that equivalent spellings of a denied host (such as a bracketed form) cannot evade the list.
4) Where possible, prefer HTTPS proxying over HTTP proxying, since HTTPS requests are not affected by this vulnerability.
5) Implement network-level segmentation and firewall rules that restrict outbound HTTP from application servers, so protection does not rest on the application-layer proxy alone.
6) Monitor application logs and network traffic for unusual or unexpected outbound HTTP requests that could indicate SSRF attempts.
7) Conduct security testing and code review of applications that use Smokescreen to confirm no other SSRF vectors exist.
8) Educate development and security teams about SSRF risks, input validation, and correct proxy configuration.

These steps focus on the specific proxy version, configuration auditing, and network controls relevant to a Smokescreen deployment rather than generic SSRF advice.
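To illustrate the class of bypass described in the technical analysis and the hostname normalization recommended in step 3, the following is an added Go example written for this page; it is not Smokescreen's own code and makes no claim about how its matcher was implemented. It contrasts a naive deny-list check that compares the raw host string with a hardened check that canonicalises the host first (strips a port, accepts square brackets only around an IP literal, lowercases, trims a trailing dot) and fails closed on anything malformed. The deny list entries are constructed sample values.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

// denyList is a constructed sample; a real deployment loads it from configuration.
var denyList = map[string]bool{"example.com": true, "169.254.169.254": true}

// naiveDenied shows the weak pattern: the host is compared exactly as supplied,
// so "[example.com]" is not equal to "example.com" and is not denied.
func naiveDenied(rawHost string) bool {
	return denyList[rawHost]
}

// canonicalHost reduces a proxy request target to one canonical spelling.
func canonicalHost(raw string) (string, error) {
	host := raw
	if h, _, err := net.SplitHostPort(raw); err == nil {
		host = h // "example.com:80" -> "example.com", "[::1]:80" -> "::1"
	}
	// A bare bracketed value is only legitimate around an IP literal.
	if strings.HasPrefix(host, "[") && strings.HasSuffix(host, "]") {
		inner := host[1 : len(host)-1]
		if net.ParseIP(inner) == nil {
			return "", errors.New("brackets are only valid around an IP literal")
		}
		host = inner
	}
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	if host == "" || strings.ContainsAny(host, "[]/\\ ") {
		return "", errors.New("malformed host")
	}
	return host, nil
}

// hardenedDenied fails closed: a host that cannot be canonicalised is denied.
func hardenedDenied(rawHost string) bool {
	host, err := canonicalHost(rawHost)
	if err != nil {
		return true
	}
	return denyList[host]
}

func main() {
	for _, h := range []string{"example.com", "[example.com]", "[example.com]:80", "EXAMPLE.COM.", "[::1]"} {
		fmt.Printf("%-18s naive=%-5v hardened=%v\n", h, naiveDenied(h), hardenedDenied(h))
	}
}
```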


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2022-04-13T00:00:00.000Z
Cisa Enriched
true

Threat ID: 682d9843c4522896dcbf2f7b

Added to database: 5/21/2025, 9:09:23 AM

Last enriched: 6/23/2025, 8:22:17 AM

Last updated: 8/16/2025, 2:48:42 AM

