| Field | Value |
|---|---|
| Title | Dataease SQLbot <= v1.6.0 Server-Side Request Forgery |
| Source | https://www.notion.so/SQLbot-SSRF-in-Elasticsearch-Unvalidated-Requests-2afea92a3c4180bea524f1a253f8d9a0 |
| User | din4 (UID 50867) |
| Submitted | 2026-02-11 04:44 AM (2 months ago) |
| Moderation | 2026-04-02 01:02 PM (2 months later) |
| Status | Accepted |
| VulDB entry | 354854 [Dataease SQLbot up to 1.6.0 Elasticsearch es_engine.py get_es_data_by_http address privilege escalation] |
| Points | 17 |

### Vulnerability Description
[SQLBot](https://github.com/dataease/SQLBot) is an intelligent data query system based on large language models and RAG, built by the DataEase open-source project team. With SQLBot, users can perform conversational data analysis (ChatBI), quickly extracting the data and visualizations they need, with support for further intelligent analysis.
In `backend/apps/db/es_engine.py`, the Elasticsearch query function passes the user-supplied `host` parameter straight into an HTTP request without validating the target address, which is a Server-Side Request Forgery (SSRF). An attacker can use this to scan internal networks, reach cloud metadata services, and exploit internal services that are not exposed to the outside.
### Affected Versions
SQLBot ≤ 1.6.0
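The description names the defect (a user-supplied host used unvalidated) but not the fix. The block below is an added example, not SQLBot's own code, of the guard an application-side Elasticsearch connector should apply before fetching from a user-controlled host: resolve the name, reject any answer that is not a globally routable unicast address, pin the request to the vetted IP so a later DNS change (rebinding) cannot redirect it, and refuse HTTP redirects. The function names `vet_es_host`, `is_allowed`, `pinned_request` and `es_opener`, and the injectable `resolver` hook, are assumptions for illustration; the sample hosts and the fake resolver answers in the usage are constructed. It goes beyond the single case on the page by also handling IPv6 loopback, IPv4-mapped IPv6 literals and mixed DNS answers.

```python
"""SSRF guard for a user-supplied Elasticsearch host.

Added example, not SQLBot's code. Names and parameters are assumptions;
the pattern (validate, resolve, pin, connect without redirects) is the point.
"""
import ipaddress
import socket
import urllib.request
from typing import Callable, Iterable

Resolver = Callable[[str], Iterable[str]]


class UnsafeTarget(ValueError):
    """Raised when a host must not be contacted."""


def system_resolver(host: str) -> list[str]:
    """Resolve with getaddrinfo so the check sees the same addresses the HTTP
    client would use (on common libc resolvers this also normalises
    abbreviated literals such as '127.1')."""
    infos = socket.getaddrinfo(host, None, 0, socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def is_public_ip(ip_text: str) -> bool:
    """True only for a globally routable unicast address."""
    ip = ipaddress.ip_address(ip_text.split("%", 1)[0])  # drop IPv6 zone id
    mapped = getattr(ip, "ipv4_mapped", None)          # ::ffff:a.b.c.d
    if mapped is not None:
        ip = mapped
    if (ip.is_loopback or ip.is_link_local or ip.is_private
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified):
        return False
    return ip.is_global


def vet_es_host(raw_host: str, resolver: Resolver = system_resolver) -> str:
    """Return the single public IP the request may be sent to, or raise.

    Every resolved address must be public: a name that answers with one
    public and one internal address is rejected outright.
    """
    host = raw_host.strip()
    if not host or "://" in host or any(c in host for c in "/\\@?# "):
        raise UnsafeTarget(f"malformed host: {raw_host!r}")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]  # IPv6 literal written as in a URL
    try:
        addrs = list(resolver(host))
    except (socket.gaierror, ValueError) as exc:
        raise UnsafeTarget(f"cannot resolve {host!r}: {exc}") from None
    if not addrs:
        raise UnsafeTarget(f"no address for {host!r}")
    for addr in addrs:
        if not is_public_ip(addr):
            raise UnsafeTarget(f"{host!r} resolves to non-public {addr}")
    return addrs[0]


def is_allowed(raw_host: str, resolver: Resolver = system_resolver) -> bool:
    """Boolean form of vet_es_host, convenient for policy checks and tests."""
    try:
        vet_es_host(raw_host, resolver)
        return True
    except UnsafeTarget:
        return False


def pinned_request(host: str, port: int, path: str,
                   resolver: Resolver = system_resolver) -> urllib.request.Request:
    """Build a plain-HTTP request whose URL carries the vetted IP, with the
    original name restored in the Host header, so DNS cannot be re-answered
    between the check and the connect."""
    if not path.startswith("/"):
        raise ValueError("path must be absolute")
    ip = vet_es_host(host, resolver)
    netloc = f"[{ip}]" if ":" in ip else ip
    return urllib.request.Request(f"http://{netloc}:{port}{path}",
                                  headers={"Host": f"{host}:{port}"})


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects: a 3xx could otherwise steer the request to an
    address that was never vetted (urllib raises HTTPError instead)."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def es_opener() -> urllib.request.OpenerDirector:
    return urllib.request.build_opener(_NoRedirect)


if __name__ == "__main__":
    # Constructed sample inputs; the fake resolver stands in for DNS.
    fake_dns = lambda name: ["93.184.216.34"]
    for h in ["169.254.169.254", "127.0.0.1", "[::1]",
              "::ffff:169.254.169.254", "http://es.example.com"]:
        print(f"{h:28} allowed={is_allowed(h)}")
    req = pinned_request("es.example.com", 9200, "/_cat/indices", fake_dns)
    print(req.full_url, req.get_header("Host"))
```

Two caveats a practitioner should keep in mind. The pinning shown is for plain HTTP only: with TLS, putting the IP in the URL breaks certificate verification and SNI, so an HTTPS client needs a transport that connects to the vetted IP while still validating the original hostname. And the check must run on the exact string the client will use; validating one value and then letting the client re-resolve a different one reopens the hole.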