| 제목 | AutohomeCorp frostmourne frostmourne <= 1.0 Server-Side Request Forgery |
|---|
| 설명 | Frostmourne contains a Server-Side Request Forgery (SSRF) vulnerability in the alarm preview functionality. The /alarm/previewData endpoint allows authenticated users to trigger arbitrary HTTP/HTTPS requests from the server without any URL validation and returns the HTTP response directly to the user, enabling attackers to access internal network resources, cloud metadata endpoints, and perform port scanning. |
|---|
| 원천 | ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/GE4GdxBxKoSvBOxhkTRcsawlnhc?from=from_copylink |
|---|
| 사용자 | xcxr (UID 86629) |
|---|
| 제출 | 2026. 03. 16. AM 07:25 (23 날 ago) |
|---|
| 모더레이션 | 2026. 03. 31. PM 06:22 (15 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 354449 [AutohomeCorp frostmourne 까지 1.0 Alarm Preview AlarmController.java 권한 상승] |
|---|
| 포인트들 | 19 |
|---|