| عنوان | YunaiV YuDao Cloud <=v2025.11 Server-Side Request Forgery |
|---|
| الوصف | YuDao Cloud is a microservices architecture enterprise-level backend framework. A critical Server-Side Request Forgery (SSRF) vulnerability has been identified in the BPM (Business Process Management) HTTP triggers functionality that allows authenticated users with BPM process design permissions to make arbitrary HTTP requests from the server, potentially exposing internal network resources. |
|---|
| المصدر | ⚠️ https://github.com/AnalogyC0de/public_exp/blob/main/archives/yudao-cloud-bpm_SSRF/report.md |
|---|
| المستخدم | Ana10gy (UID 93358) |
|---|
| ارسال | 09/12/2025 11:33 AM (6 أشهر منذ) |
|---|
| الاعتدال | 25/12/2025 05:08 PM (16 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 338429 [YunaiV yudao-cloud حتى 2025.11 Business Process Management BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger url/header/body تجاوز الصلاحيات] |
|---|
| النقاط | 19 |
|---|