जमा करें #768044: Bytedesk <=1.3.9 SSRFजानकारी

शीर्षकBytedesk <=1.3.9 SSRF
विवरणThe endpoint GET /gitee/api/v1/models passes a user-supplied apiUrl parameter directly to RestTemplate.exchange() without any URL validation or allowlist. The server issues an HTTP request to the attacker-controlled URL. DNS callback logs confirm the server-side request originating from the target, enabling SSRF attacks including internal network probing, cloud IMDS access, and potential credential exfiltration.
स्रोत⚠️ https://github.com/Bytedesk/bytedesk/issues/21
उपयोगकर्ता
 ZAST.AI (UID 87884)
सबमिशन26/02/2026 07:19 AM (5 महीनों पहले)
संयम08/03/2026 08:20 AM (10 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि349756 [Bytedesk तक 1.3.9 SpringAIGiteeRestController SpringAIGiteeRestService.java getModels apiUrl अधिकार वृद्धि]
अंक19

Want to know what is going to be exploited?

We predict KEV entries!