| タイトル | JoeCastrom mcp-chat-studio 1.5.0 Server-Side Request Forgery |
|---|
| 説明 | The mcp-chat-studio application contains a server-side request forgery (SSRF) vulnerability because attacker-controlled input can reach outbound HTTP request functions without proper destination validation. Specifically, the /api/llm/models endpoint directly uses the req.query.base_url parameter in a fetch() call to {baseUrl}/api/tags (in server/routes/llm.js), and the workflow execution endpoint accepts a llmConfig object from the request body that later controls the auth_url or endpoint parameters passed to axios.post() calls in LLMClient.js (via server/routes/workflows.js). As a result, an unauthenticated attacker can coerce the server into issuing arbitrary HTTP requests to loopback addresses, RFC1918 private IP ranges, link‑local addresses, or cloud metadata services, enabling SSRF attacks that may expose sensitive internal resources. |
|---|
| ソース | ⚠️ https://github.com/JoeCastrom/mcp-chat-studio/issues/4 |
|---|
| ユーザー | MidA (UID 96794) |
|---|
| 送信 | 2026年04月10日 10:04 (2 月 ago) |
|---|
| モデレーション | 2026年04月26日 21:59 (16 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 359746 [JoeCastrom mcp-chat-studio 迄 1.5.0 LLM Models API server/routes/llm.js req.query.base_url 特権昇格] |
|---|
| ポイント | 20 |
|---|