Submission #780190: appsmithorg appsmith v1.97 Server-Side Request Forgery (Info)

Title: appsmithorg appsmith v1.97 Server-Side Request Forgery
Description:

### Description

Appsmith implements a security warning and filter mechanism to prevent users from making direct internal-network requests (SSRF) using hostnames like `localhost` or `127.0.0.1`. However, this restriction is fundamentally flawed in Docker environments because it fails to account for the Docker bridge gateway IP (`172.17.0.1`). An attacker with access to create API queries can bypass the `localhost` restriction by using the gateway IP. This allows the Appsmith backend to act as a proxy, routing HTTP requests (including state-changing methods like DELETE or POST, with full header control) directly to the host machine's internal network and granting unauthorized access to internal services that are not exposed to the public internet.

### Vulnerability Details

The core issue is an incomplete denylist validation approach. When a user attempts to target `http://localhost:[port]`, Appsmith successfully blocks the request, assuming the user is trying to access the container's loopback interface or the host. However, in standard Docker deployments, the host machine is fully addressable via the default gateway IP (`172.17.0.1`).

Key points:

* By substituting the gateway IP for `localhost`, the string-matching filter is trivially bypassed.
* The backend processes the request and forwards it to the host, resulting in a full in-band Server-Side Request Forgery (SSRF).
* To prove that this bypass allows full HTTP interaction (routing methods, payloads, and headers) with an isolated internal service, a local instance of Apache Airflow was used strictly as a test target on the host machine.

### Steps to Reproduce

**Phase 1: Preparation (Establishing the Test Target)**

1. Deploy an internal service (e.g., Apache Airflow) on the host machine running Appsmith. Ensure it is bound to a local port (e.g., `8010`) and not exposed to the internet.
2. In the Airflow UI, navigate to Admin > Pools and create a test object named `test_pool`.

**Phase 2: Capturing Valid Request Data**

1. Using Burp Suite (Intercept On), click "Delete" on the `test_pool` in the Airflow UI.
2. Copy the `Cookie` string and the `X-XSRF-TOKEN` from the intercepted request.
3. Drop the request in Burp Suite so the pool is not deleted locally.

**Phase 3: Bypassing the Appsmith Filter**

1. In the Appsmith dashboard, navigate to Queries / JS and create a New API Query.
2. The blocked attempt: set the URL to `http://localhost:8010/api/v2/pools/test_pool`.
   * Observation: Appsmith displays a warning and blocks the execution.
3. The bypass: change the URL to `http://172.17.0.1:8010/api/v2/pools/test_pool` and configure the HTTP method to `DELETE`.
   * Observation: The security warning disappears.
4. Paste the captured `Cookie`, `X-XSRF-TOKEN`, and `Content-Type: application/json` into the Appsmith Headers configuration.
5. Click Run.
6. Result: check the Airflow UI. The `test_pool` is deleted. The Appsmith server successfully routed the malicious request through the gateway to the host machine, confirming the SSRF protection is fully bypassed.

### Impact

By exploiting this SSRF filter bypass, an attacker can:

* Map the internal network: perform port scanning on the host machine and identify hidden internal services.
* Access unauthenticated services: interact with internal databases, caching servers (like Redis), or administrative panels that rely solely on network perimeter security.
* Bypass firewall rules: use the Appsmith server as an internal pivot to send authorized or unauthorized requests to infrastructure that is firewalled off from external access.

### Recommendation

* Robust IP parsing and validation: do not rely on string-based blacklists. Resolve all user-supplied hostnames to their underlying IP addresses before making the HTTP request.
* Deny private IP ranges: reject any request that resolves to a private IP address defined in RFC 1918 (e.g., `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`), including the Docker gateway space, unless explicitly whitelisted by the instance administrator.
* Container network isolation: restrict the Appsmith container's network permissions to prevent it from initiating connections to the host's loopback or gateway interfaces.
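As an added example (not part of this submission and not Appsmith's own code), the following Python contrasts a string-based denylist of the kind the report describes with the resolve-then-check validation the recommendation calls for: the hostname is resolved first, every resolved address is tested against loopback, RFC 1918, link-local and the IPv6 equivalents, and an administrator allowlist is the only way past the check. All function names, the blocked-range list, and the stub resolver passed in place of live DNS are assumptions of this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Naive string-based denylist of the kind the report describes (kept only for contrast).
NAIVE_DENYLIST = {"localhost", "127.0.0.1"}


def naive_is_blocked(url: str) -> bool:
    """String match on the hostname: 'localhost' is caught, '172.17.0.1' is not."""
    host = urlsplit(url).hostname or ""
    return host.lower() in NAIVE_DENYLIST


# Ranges an internal-network filter should refuse (assumed list for this example):
# "this" network, RFC 1918, CGNAT, loopback, link-local, and the IPv6 counterparts.
# 172.16.0.0/12 covers the Docker bridge gateway 172.17.0.1 named in the report.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


def ip_is_disallowed(ip: str) -> bool:
    """True if a single resolved address falls inside any blocked range."""
    addr = ipaddress.ip_address(ip)
    # Unwrap IPv4-mapped IPv6 (::ffff:172.17.0.1) so the IPv4 ranges still apply.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def resolve_host(hostname: str) -> list:
    """Resolve a hostname to every address it maps to; a name may have several records."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def validate_outbound_url(url: str, resolver=resolve_host, allowlist=()):
    """Return (allowed, reason).

    Hostnames are resolved before the decision is made, and the request is refused
    if ANY resolved address is disallowed, so a name with one public and one private
    record cannot slip through. `allowlist` holds exact hostnames an administrator
    has explicitly permitted.
    """
    parts = urlsplit(url)
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not permitted"
    if host in allowlist:
        return True, "hostname explicitly allowlisted"
    # A literal IP is checked directly; anything else (including non-canonical
    # literals the ipaddress module rejects) goes through the resolver.
    try:
        ips = [str(ipaddress.ip_address(host))]
    except ValueError:
        ips = resolver(host)
    if not ips:
        return False, f"could not resolve {host!r}"
    for ip in ips:
        if ip_is_disallowed(ip):
            return False, f"{host!r} resolves to disallowed address {ip}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample URLs mirroring the report's blocked and bypassing targets.
    for target in ("http://localhost:8010/api/v2/pools/test_pool",
                   "http://172.17.0.1:8010/api/v2/pools/test_pool"):
        print(target, "naive blocked:", naive_is_blocked(target),
              "validated:", validate_outbound_url(target, resolver=lambda h: ["127.0.0.1"]))
```

The third recommendation (network isolation of the container) is a deployment control rather than application code and is not shown here. Note that the validator resolves once and returns a verdict; a production implementation should also pin the HTTP client to the addresses it validated, otherwise a second resolution at connect time can return a different answer.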
User: Executio (UID 96443)
Submitted: 2026-03-14 01:06 PM (19 days ago)
Moderated: 2026-04-02 01:05 PM (19 days later)
Status: Accepted
VulDB entry: 354855 [appsmithorg appsmith up to 1.97 Dashboard WebClientUtils.java computeDisallowedHosts privilege escalation]
Points: 17
