| عنوان | welovemedia FFmate <= v2.0.15 Server-Side Request Forgery |
|---|
| الوصف | A Server-Side Request Forgery (SSRF) vulnerability exists in FFmate ≤ v2.0.15 at the webhook functionality, where user-controlled URLs are directly used to initiate HTTP requests without validation or restriction on the target destination. As a result, attackers can configure webhook URLs pointing to internal resources, which are then accessed by the server when webhook events are triggered. This enables attackers to probe internal network services, access metadata endpoints, bypass firewall restrictions, perform port scanning of internal infrastructure, and potentially exfiltrate sensitive data from services that should not be externally accessible. Mitigations include implementing strict URL validation with allowlists of permitted domains and protocols, blocking requests to private IP ranges, using a dedicated egress proxy with filtering capabilities, implementing network segmentation to isolate the application server from sensitive internal services, and conducting thorough security reviews of all external request functionality. |
|---|
| المصدر | ⚠️ https://github.com/CC-T-454455/Vulnerabilities/tree/master/ffmate/vulnerability-1 |
|---|
| المستخدم | Anonymous User |
|---|
| ارسال | 22/02/2026 04:47 PM (2 أشهر منذ) |
|---|
| الاعتدال | 06/03/2026 10:29 PM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 349583 [welovemedia FFmate حتى 2.0.15 webhook.go fireWebhook تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|