जमा करें #858043: 1Panel-dev CordysCRM 1.4.1 Server-Side Request Forgeryजानकारी

शीर्षक1Panel-dev CordysCRM 1.4.1 Server-Side Request Forgery
विवरणThe IntegrationConfigService component in CordysCRM v1.4.1 contains a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability stems from the lack of input validation on the mkAddress parameter in the /organization/settings/third-party/edit endpoint when processing MAXKB configuration requests. The parameter is directly concatenated into a URL and used to make HTTP requests without whitelist validation, protocol restriction, or internal IP blocking. Attackers can craft malicious mkAddress values to force the server to make requests to arbitrary external addresses, potentially leading to internal network reconnaissance or data leakage.
स्रोत⚠️ https://github.com/1Panel-dev/CordysCRM/issues/2685
उपयोगकर्ता
 liushaozhe (UID 83234)
सबमिशन13/06/2026 07:36 PM (1 महीना पहले)
संयम18/07/2026 02:11 PM (1 month later)
स्थितिस्वीकृत
VulDB प्रविष्टि380044 [1Panel-dev CordysCRM तक 1.4.1 Third Party Endpoint TokenService.java mkAddress अधिकार वृद्धि]
अंक20

Do you need the next level of professionalism?

Upgrade your account now!