जमा करें #844665: AstrBotDevs AstrBot 4.25.2 Server-Side Request Forgery (CWE-918)जानकारी

शीर्षकAstrBotDevs AstrBot 4.25.2 Server-Side Request Forgery (CWE-918)
विवरण# Technical Details An authenticated SSRF exists in the MCP connection testing workflow implemented by `ToolsRoute.test_mcp_connection()` in `astrbot/dashboard/routes/tools.py`, `validate_mcp_stdio_config()` in `astrbot/core/agent/mcp_client.py`, and `_quick_test_mcp_connection()` in `astrbot/core/provider/func_tool_manager.py` of AstrBot. The application fails to validate user-supplied MCP URL targets before performing backend requests. URL-based configurations bypass stdio validation entirely, and the provider test path issues direct `aiohttp` requests to the supplied destination. No SSRF-specific protections were identified for scheme, hostname, resolved IP, loopback, private ranges, metadata endpoints, or redirects. # Vulnerable Code File: `astrbot/dashboard/routes/tools.py` Method: `ToolsRoute.test_mcp_connection()` Why: The route accepts attacker-controlled `mcp_server_config`, forwards it to `test_mcp_server_connection()`, and URL-based configs pass through `validate_mcp_stdio_config()` because that function returns immediately when `url` is present. `_quick_test_mcp_connection()` then performs outbound `POST`/`GET` requests directly to `cfg["url"]`. # Reproduction 1. Start an HTTP listener reachable from the AstrBot host. 2. Authenticate to the AstrBot dashboard. 3. Send `POST /api/tools/mcp/test` with JSON containing `mcp_server_config.url` set to an attacker-controlled endpoint such as `http://127.0.0.1:19001/mcp-test`. 4. Observe backend callbacks to the listener, even if the MCP handshake later fails. 5. Send a control request without the `url` field and confirm no listener callbacks occur. # Impact - Authenticated users can coerce the AstrBot server into making arbitrary outbound HTTP requests. - The vulnerability enables loopback probing, internal service discovery, and access attempts against internal-only endpoints reachable from the host.
स्रोत⚠️ https://gist.github.com/YLChen-007/b68732c140fb11d844b214cf2db50a5a
उपयोगकर्ता
 Eric-a (UID 96353)
सबमिशन01/06/2026 10:25 AM (1 महीना पहले)
संयम11/07/2026 02:42 PM (1 month later)
स्थितिस्वीकृत
VulDB प्रविष्टि377808 [AstrBotDevs AstrBot तक 4.25.2 MCP Test Endpoint tools.py ToolsRoute.test_mcp_connection mcp_server_config.url अधिकार वृद्धि]
अंक20

Do you know our Splunk app?

Download it now for free!