| عنوان | YunaiV yudao-cloud 2026.03 Server-Side Request Forgery |
|---|
| الوصف | module for managing device data sinks (destinations for IoT device message forwarding). A stored SSRF vulnerability exists in the platform’s IoT data sink configuration mechanism:
Authenticated administrators can create/modify HTTP/TCP/WebSocket/MQTT data sink configurations with arbitrary malicious URLs/addresses. These unvalidated connection addresses are persistently stored in the MySQL database. When an IoT device sends a message, the platform automatically triggers the data sink and uses RestTemplate (for HTTP) and native socket clients (for TCP/WebSocket/MQTT) to initiate outbound requests without any URL validation, internal IP filtering, protocol restrictions, or cloud metadata protection.
This flaw allows privileged attackers to force the yudao-cloud server to send unauthorized requests to internal network services, cloud instance metadata APIs, localhost services, or arbitrary external targets—fully bypassing network perimeter security controls. |
|---|
| المصدر | ⚠️ https://github.com/fakebug111/my_public_bug/blob/main/issus05.md |
|---|
| المستخدم | fakebug (UID 94486) |
|---|
| ارسال | 27/04/2026 09:07 AM (1 شهر منذ) |
|---|
| الاعتدال | 24/05/2026 10:12 AM (27 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 365445 [YunaiV yudao-cloud 2026.03 Admin API Endpoint create IotDataSinkHttpConfig تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|