
CVE-2022-35508: n/a in n/a

Severity: Critical
Tags: Vulnerability, CVE-2022-35508, CWE-918
Published: Sun Dec 04 2022 (12/04/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox Mail Gateway, privilege escalation to the root@pam account is possible if the backup feature has ever been used, because backup files such as pmg-backup_YYYY_MM_DD_*.tgz have 0644 permissions and contain an authkey value. This is fixed in pve-http-server 4.1-3.

AI-Powered Analysis

Last updated: 06/22/2025, 02:06:27 UTC

Technical Analysis

CVE-2022-35508 is a critical vulnerability in Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG). Both products split their HTTP API across two components: a proxy (pveproxy or pmgproxy) that terminates client connections, and a daemon (pvedaemon or pmgdaemon) to which the proxy forwards requests that need higher privileges. The flaw is a Server-Side Request Forgery (SSRF) in that proxy-to-daemon forwarding step. An attacker who holds an unprivileged account can craft an HTTP request so that the forwarded request targets resources the caller should never reach, and can use this to read arbitrary files on the host. The file disclosure alone exposes configuration files, credentials and other secrets stored on the server.

In PMG there is a second, more severe consequence. If the backup feature has ever been used, archives named pmg-backup_YYYY_MM_DD_*.tgz are written with 0644 permissions, so they are readable by every local user and, through the file-disclosure primitive above, by the attacker. These archives contain the authkey, the private key with which PMG signs login tickets. Anyone holding that key can forge a ticket for root@pam and thereby obtain full administrative control of the gateway.

The issue is tracked as CWE-918 (Server-Side Request Forgery), and this page records a CVSS v3.1 base score of 9.8 (Critical). It is fixed in pve-http-server 4.1-3. No exploitation in the wild had been reported at the time of analysis. Note that this is not an unauthenticated attack: the description requires an unprivileged account on the affected system. What makes it critical is that such a low-privilege account, with no user interaction from anyone else, is sufficient to reach root.

Potential Impact

For European organizations running Proxmox Virtual Environment or Proxmox Mail Gateway, the vulnerability threatens confidentiality first and, through the escalation path, integrity and availability as well. The SSRF lets a low-privilege account reach internal resources and read files that the API would normally never expose, which on its own is enough for a data breach. On PMG hosts where backups have been taken, reading a world-readable backup archive yields the authkey and with it root@pam: from that point an attacker can reconfigure the gateway, read, alter or reroute mail, or simply take it offline. Proxmox is widely deployed in European data centres and enterprises for virtualisation and mail filtering, so critical-infrastructure operators, financial institutions and public bodies that rely on it face operational disruption, data loss and reputational damage if the flaw is exploited. Because the attacker needs nothing more than an ordinary account and no user interaction, the realistic threat actors are malicious or compromised insiders, tenants sharing a PVE cluster, and anyone who obtains a low-privilege credential through phishing or password reuse.

Mitigation Recommendations

1. Upgrade pve-http-server to version 4.1-3 or later on every PVE and PMG host; this is the official fix for the SSRF and the file-disclosure path that leads to privilege escalation.
2. On Proxmox Mail Gateway systems, locate all pmg-backup_*.tgz archives and check their permissions. Any archive readable by group or others (0644 is the default the advisory describes) should be changed to 0600, or moved to storage that only privileged users can read.
3. Treat any authkey that was stored in a readable backup as compromised. Patching alone does not revoke a key that has already been read, so regenerate the PMG authkey (and the PVE cluster authkey if there is any reason to believe it was exposed); this also invalidates tickets signed with the old key.
4. Restrict who can reach the management interfaces at all, and review the pveproxy/pmgproxy access logs for unusual request paths from low-privilege accounts, which is where an SSRF attempt against the proxy would show up.
5. Use network segmentation and firewall rules so that the Proxmox proxy and daemon hosts cannot reach internal services they have no business contacting; this limits what an SSRF can pivot to.
6. Review which accounts exist on PVE and PMG and remove or lock those no longer needed, since any unprivileged account is sufficient to trigger the flaw.
7. Include SSRF and backup-permission checks in routine security assessments of Proxmox environments, and make sure administrators understand that backup archives can contain signing keys and must be handled like credentials.
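The permission audit and the version check from the list above, written out as a POSIX shell script. This is an added example, not Proxmox code. It assumes PMG stores its backups under /var/lib/pmg/backup (override BACKUP_DIR if yours differ) and that the host is Debian-based so that dpkg-query and dpkg --compare-versions are available; the sample archive names used in the comments are constructed.

```shell
#!/bin/sh
# Added example (not Proxmox code): audit and lock down PMG backup archives,
# and check whether the patched pve-http-server is installed.
# Assumption: PMG writes backups to /var/lib/pmg/backup; adjust if needed.
BACKUP_DIR="${BACKUP_DIR:-/var/lib/pmg/backup}"

# is_exposed FILE: succeed (0) when FILE is readable by group or others,
# i.e. when a low-privilege process could read it (0644 is the case here).
is_exposed() {
    # "ls -ld" prints e.g. "-rw-r--r-- 1 root root ..."; within the first
    # ten characters, column 5 is the group read bit and column 8 the
    # other read bit. Using ls rather than stat keeps this portable.
    _perm=$(ls -ld "$1" | cut -c1-10)
    _g=$(printf '%s' "$_perm" | cut -c5)
    _o=$(printf '%s' "$_perm" | cut -c8)
    [ "$_g" = r ] || [ "$_o" = r ]
}

# list_exposed_backups DIR: print every exposed pmg-backup_*.tgz under DIR,
# one path per line. Returns 0 when none are exposed, 1 otherwise.
list_exposed_backups() {
    _found=0
    for _f in "$1"/pmg-backup_*.tgz; do
        [ -f "$_f" ] || continue   # an unmatched glob stays literal; skip it
        if is_exposed "$_f"; then
            printf '%s\n' "$_f"
            _found=1
        fi
    done
    [ "$_found" -eq 0 ]
}

# lock_down_backups DIR: chmod 0600 every exposed archive under DIR and
# report each file that was changed.
lock_down_backups() {
    list_exposed_backups "$1" | while IFS= read -r _f; do
        chmod 0600 "$_f" && printf 'fixed %s\n' "$_f"
    done
}

# pve_http_server_fixed: succeed when the installed pve-http-server package
# is at least 4.1-3, the version named in the advisory. Returns 2 when dpkg
# is not present or the package is not installed (not a Proxmox host).
pve_http_server_fixed() {
    command -v dpkg-query >/dev/null 2>&1 || return 2
    _v=$(dpkg-query -W -f='${Version}' pve-http-server 2>/dev/null) || return 2
    dpkg --compare-versions "$_v" ge 4.1-3
}

# Usage (constructed): source this file, then run
#   list_exposed_backups "$BACKUP_DIR"    # lists e.g. pmg-backup_2022_07_11_ABCDEF.tgz
#   lock_down_backups "$BACKUP_DIR"       # tightens each listed archive to 0600
#   pve_http_server_fixed && echo patched || echo "NOT patched (or not a Proxmox host)"
```

Tightening the archive permissions only closes the local read path; an archive that was already readable must be assumed to have leaked its authkey, so the key itself still has to be regenerated as described in the list above.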


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2022-07-11T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9840c4522896dcbf0f0a

Added to database: 5/21/2025, 9:09:20 AM

Last enriched: 6/22/2025, 2:06:27 AM

Last updated: 8/12/2025, 5:44:10 AM

