Dozzle is a realtime log viewer for Docker containers. Before version 10.5.2, the POST /api/notifications/test-webhook endpoint is accessible without authentication in default deployments (no DOZZLE_AUTH_PROVIDER set). This endpoint allows an attacker to supply a URL that the server will POST to, including attacker-controlled headers. The server returns the HTTP status and up to 1MB of the response body if the response is non-2xx. This SSRF vulnerability (CWE-918) could be exploited remotely without privileges, potentially allowing attackers to interact with internal or external systems via the server. The vulnerability is resolved in version 10.5.2.

An unauthenticated remote attacker can exploit this SSRF vulnerability to make the server send HTTP POST requests to arbitrary URLs with attacker-controlled headers. The attacker receives the HTTP status and partial response body from the target if it returns a non-2xx status. This can lead to information disclosure about internal or external services accessible from the server. The CVSS 3.1 base score is 8.6 (High), reflecting network attack vector, low complexity, no privileges or user interaction required, and high confidentiality impact. There is no indication of known exploits in the wild at this time.

This vulnerability is fixed in dozzle version 10.5.2. Users should upgrade to version 10.5.2 or later to remediate this issue. No official remediation level is provided beyond the fix. Since this is not a cloud service, patching the affected software version is required. Until upgraded, users should avoid deploying dozzle without authentication configured (i.e., set DOZZLE_AUTH_PROVIDER) to reduce exposure. Patch status is confirmed by the vendor stating the fix is in 10.5.2.