| タイトル | 1Panel-dev CordysCRM 1.4.1 Server-Side Request Forgery |
|---|
| 説明 | The IntegrationConfigService component in CordysCRM v1.4.1 contains a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability stems from the getSqlBotSrc() method extracting URLs from the appSecret parameter using regex pattern without proper validation. Extracted URLs are directly used to create HTTP connections via URI.create(jsUrl).toURL().openConnection() in the /organization/settings/third-party/edit endpoint. No whitelist validation, protocol restriction, or internal IP blocking is applied. Attackers can inject malicious URLs via the appSecret parameter (e.g., appSecret": "src="<http://malicious\\>"").
|
|---|
| ソース | ⚠️ https://github.com/1Panel-dev/CordysCRM/issues/2687 |
|---|
| ユーザー | liushaozhe (UID 83234) |
|---|
| 送信 | 2026年06月13日 19:39 (1 月 ago) |
|---|
| モデレーション | 2026年07月18日 14:11 (1 month later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 380045 [1Panel-dev CordysCRM 迄 1.4.1 Third Party Edit Endpoint IntegrationConfigService.java getSqlBotSrc appSecret 特権昇格] |
|---|
| ポイント | 20 |
|---|