| 제목 | YunaiV YuDao Cloud <=v2025.11 Server-Side Request Forgery |
|---|
| 설명 | YuDao Cloud is a microservices architecture enterprise-level backend framework. A critical Server-Side Request Forgery (SSRF) vulnerability has been identified in the BPM (Business Process Management) HTTP triggers functionality that allows authenticated users with BPM process design permissions to make arbitrary HTTP requests from the server, potentially exposing internal network resources. |
|---|
| 원천 | ⚠️ https://github.com/AnalogyC0de/public_exp/blob/main/archives/yudao-cloud-bpm_SSRF/report.md |
|---|
| 사용자 | Ana10gy (UID 93358) |
|---|
| 제출 | 2025. 12. 09. AM 11:33 (6 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 25. PM 05:08 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 338429 [YunaiV yudao-cloud 까지 2025.11 Business Process Management BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger url/header/body 권한 상승] |
|---|
| 포인트들 | 19 |
|---|