| Título | Bytedesk <=1.3.9 SSRF |
|---|
| Descripción | The endpoint GET /gitee/api/v1/models passes a user-supplied apiUrl parameter directly to RestTemplate.exchange() without any URL validation or allowlist. The server issues an HTTP request to the attacker-controlled URL. DNS callback logs confirm the server-side request originating from the target, enabling SSRF attacks including internal network probing, cloud IMDS access, and potential credential exfiltration.
|
|---|
| Fuente | ⚠️ https://github.com/Bytedesk/bytedesk/issues/21 |
|---|
| Usuario | ZAST.AI (UID 87884) |
|---|
| Sumisión | 2026-02-26 07:19 (hace 1 mes) |
|---|
| Moderación | 2026-03-08 08:20 (10 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 349756 [Bytedesk hasta 1.3.9 SpringAIGiteeRestController SpringAIGiteeRestService.java getModels apiUrl escalada de privilegios] |
|---|
| Puntos | 19 |
|---|