Soumettre #768043: Bytedesk <=1.3.9 SSRFinformation

TitreBytedesk <=1.3.9 SSRF
DescriptionThe endpoint GET /openrouter/api/v1/models accepts a user-supplied apiUrl parameter and passes it directly to a RestTemplate.exchange() call without validation or allowlist enforcement. An attacker supplies an attacker-controlled URL, causing the server to issue an outbound HTTP request to an arbitrary host. DNS callback logs confirm the SSRF, enabling internal network scanning, cloud metadata access, or credential theft.
La source⚠️ https://github.com/Bytedesk/bytedesk/issues/20
Utilisateur
 ZAST.AI (UID 87884)
Soumission26/02/2026 07:19 (il y a 1 mois)
Modérer08/03/2026 08:20 (10 days later)
StatutAccepté
Entrée VulDB349755 [Bytedesk jusqu’à 1.3.9 SpringAIOpenrouterRestController SpringAIOpenrouterRestService.java getModels apiUrl élévation de privilèges]
Points19

PrécédentAperçuSuivant

Interested in the pricing of exploits?

See the underground prices here!