CVE-2026-56285
Zedeus · Nitter
Nitter's /video media proxy endpoint is vulnerable to URL validation bypass and HMAC key exposure, allowing unauthenticated attackers to proxy arbitrary content.
Executive summary
An unauthenticated vulnerability in the Nitter media proxy allows attackers to bypass URL validation and manipulate HMAC signatures, posing a significant risk of unauthorized content delivery.
Vulnerability
The vulnerability exists in the /video media proxy endpoint, which fails to validate target URLs against authorized domains and uses a hardcoded HMAC key. Because the key is the same on every deployment, unauthenticated attackers can forge valid HMAC signatures and force the server to proxy arbitrary URLs.
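The two defects described above, a fixed signing key and a verifier that never looks at the target host, are shown side by side with a hardened form in the following added example. This is illustrative Python written for this advisory, not Nitter's Nim code; the allowlist, the placeholder key, the MEDIA_PROXY_HMAC_KEY variable name and the signature encoding are all assumptions.

```python
import hashlib
import hmac
import os
import secrets
from urllib.parse import urlparse

# Assumed allowlist of upstream media hosts a Nitter-style proxy should fetch from.
ALLOWED_HOSTS = {"video.twimg.com", "pbs.twimg.com"}

# Weak pattern: a key baked into the source, identical on every deployment
# (constructed placeholder, not the project's real key).
HARDCODED_KEY = b"constructed-placeholder-key"


def sign(url: str, key: bytes) -> str:
    """HMAC-SHA256 over the target URL; encoding is an assumption for this example."""
    return hmac.new(key, url.encode(), hashlib.sha256).hexdigest()


def weak_verify(url: str, sig: str) -> bool:
    """Checks only the signature: any URL signed with the shared key is proxied."""
    return hmac.compare_digest(sign(url, HARDCODED_KEY), sig)


def new_deployment_key() -> bytes:
    """Generate a per-deployment secret once at install time."""
    return secrets.token_bytes(32)


def load_deployment_key() -> bytes:
    """Read the per-deployment secret from the environment (hypothetical variable name)."""
    key = os.environ.get("MEDIA_PROXY_HMAC_KEY")
    if not key:
        raise RuntimeError("MEDIA_PROXY_HMAC_KEY is not set; generate one per deployment")
    return key.encode()


def host_allowed(url: str) -> bool:
    """Accept only https URLs to an allowlisted host on the default port, with no userinfo."""
    p = urlparse(url)
    return (
        p.scheme == "https"
        and p.hostname in ALLOWED_HOSTS
        and p.port in (None, 443)
        and p.username is None
    )


def hardened_verify(url: str, sig: str, key: bytes) -> bool:
    """Host allowlist first, then a constant-time signature check with the deployment key."""
    return host_allowed(url) and hmac.compare_digest(sign(url, key), sig)
```

The allowlist check runs before the signature check so that a leaked or guessed key still cannot turn the endpoint into an open proxy; the per-deployment key then removes the shared-secret problem that makes forgery trivial in the weak form.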
Business impact
The ability to force a media proxy to retrieve arbitrary content can lead to server-side request forgery (SSRF) and potential exfiltration of internal network resources. With a CVSS score of 8.6, this high-severity flaw threatens the integrity of the hosting environment and could be leveraged to bypass network perimeter security, leading to potential data exposure or further internal system compromise.
Remediation
Immediate Action: Update Nitter to the latest version provided by the vendor to remediate the hardcoded key and implement proper URL validation.
Proactive Monitoring: Review web server and application access logs for unusual requests directed at the /video endpoint, specifically looking for non-Twitter/X domain targets.
Compensating Controls: Deploy a Web Application Firewall (WAF) to restrict access to the /video endpoint and filter outgoing requests to ensure only authorized domains are contacted.
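The log review recommended under Proactive Monitoring can be scripted. The following added example (written for this advisory, not part of Nitter) parses combined-format access log lines, picks out /video requests and flags any whose proxied target is not an allowlisted host: non-https schemes, IP-literal hosts, and look-alike hostnames. The allowlist, the log format and the assumption that the target is carried in a url query parameter are all constructed for the example; adapt them to the instance's actual request layout. The sample log lines are constructed.

```python
import ipaddress
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlparse

# Assumed allowlist of upstream hosts the media proxy is expected to contact.
ALLOWED_HOSTS = {"video.twimg.com", "pbs.twimg.com"}

# Combined-format access log line; only the fields used below are captured.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: one legitimate proxy request, one unrelated request,
# and three requests whose target is outside the allowlist.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2026:12:00:01 +0000] "GET /video?url=https%3A%2F%2Fvideo.twimg.com%2Fext_tw_video%2F1%2Fv.mp4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2026:12:00:02 +0000] "GET /pic/media%2Fabc.jpg HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2026:12:00:03 +0000] "GET /video?url=https%3A%2F%2F10.0.0.5%2Finternal%2Fstatus HTTP/1.1" 200 300 "-" "curl/8.0"',
    '198.51.100.9 - - [10/Jan/2026:12:00:04 +0000] "GET /video?url=https%3A%2F%2Fvideo.twimg.com.example.org%2Fv.mp4 HTTP/1.1" 200 100 "-" "curl/8.0"',
    '198.51.100.9 - - [10/Jan/2026:12:00:05 +0000] "GET /video?url=http%3A%2F%2Fexample.org%2Fv.mp4 HTTP/1.1" 502 0 "-" "curl/8.0"',
]


def classify_target(target: str) -> Optional[str]:
    """Return a reason string if the proxied target is suspicious, otherwise None."""
    p = urlparse(target)
    host = p.hostname  # lowercased; IPv6 brackets stripped
    if p.scheme != "https":
        return f"non-https scheme {p.scheme!r}"
    if host is None:
        return "no host in target"
    if p.username is not None:
        return "credentials embedded in target"
    try:
        ipaddress.ip_address(host)
        return f"IP-literal host {host}"
    except ValueError:
        pass  # not an IP literal; fall through to the name check
    if host not in ALLOWED_HOSTS:
        return f"host {host} not in allowlist"
    return None


def scan_access_log(lines) -> List[Tuple[str, str, str]]:
    """Yield (client, timestamp, reason) for every /video request with a suspicious target."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        parsed = urlparse(m.group("path"))
        if parsed.path != "/video":
            continue
        # Assumed request layout: target URL in a 'url' query parameter (percent-decoded by parse_qs).
        targets = parse_qs(parsed.query).get("url")
        if not targets:
            findings.append((m.group("client"), m.group("ts"), "/video request without target"))
            continue
        reason = classify_target(targets[0])
        if reason:
            findings.append((m.group("client"), m.group("ts"), reason))
    return findings


if __name__ == "__main__":
    for client, ts, reason in scan_access_log(SAMPLE_LOG):
        print(f"{ts} {client}: {reason}")
```

Matching on the exact hostname rather than a suffix is what catches the look-alike entry; a response status of 502 on a flagged line means the upstream fetch failed, while a 200 indicates the instance actually served the off-domain content and is worth a closer look.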
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high CVSS score and the ease of exploitation afforded by the hardcoded HMAC key, administrators should prioritize patching immediately. Organizations must ensure that their Nitter instances are not exposed to untrusted networks while awaiting or applying updates to mitigate the risk of unauthorized proxy abuse.