| Title | DbGate DbGate Premium 7.1.4 Server-Side Request Forgery |
|---|---|

Description

Summary

DbGate contains an SSRF issue in its REST/GraphQL connection drivers. An authenticated user can make the DbGate server send HTTP requests to arbitrary URLs, including internal-only services reachable from the server network.

Details

The issue is caused by user-controlled URLs being used directly in server-side axios requests:
- packages/rest/src/openApiDriver.ts#L5: apiServerUrl1 is fetched with axios.get(...)
- packages/rest/src/graphQlDriver.ts#L11: apiServerUrl1 is passed into GraphQL introspection
- packages/rest/src/graphqlIntrospection.ts#L463: introspection uses axios.post(url, ...)
- packages/rest/src/restApiExecutor.ts#L184: REST execution builds a URL from user input and sends it with axios(...)

There is no filtering for localhost, private IP ranges, or internal hostnames.

PoC

I reproduced this with DbGate Premium in Docker plus an internal-only canary HTTP container.
1. Run DbGate Premium and a second container named canary on the same Docker network.
2. Do not expose the canary port to the host.
3. Configure canary to serve /openapi.json.
4. In DbGate Premium, create a new OpenAPI - REST connection.
5. Set API Definition URL to:
   - http://canary:8080/openapi.json
6. Click Test connection.

Observed result:
- the canary container receives GET /openapi.json

This proves DbGate made a server-side request to an internal-only hostname that is not directly reachable from the browser.

Impact

This is an authenticated SSRF vulnerability in DbGate Premium.
An authenticated user can use the server as an HTTP client to access internal services, localhost-only endpoints, Docker/Kubernetes service names, or cloud metadata endpoints reachable from the server network.
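The Details section states that no filtering for localhost, private IP ranges, or internal hostnames is applied before the server-side axios call. The following is an added example of such a gate, written by the editor and not taken from DbGate; the function names (`rejectReason`, `ipv4IsInternal`, `ipv6IsInternal`) and every address in the test are constructed for illustration.

```typescript
// Added example, not DbGate code: a deny-list gate for user-supplied API URLs
// covering the ranges the report says are unfiltered (loopback, RFC 1918,
// link-local/metadata, Docker/Kubernetes service names). Test values are constructed.

const INTERNAL_SUFFIXES = [".localhost", ".local", ".internal", ".home.arpa"];

function parseUrl(raw: string): URL | null {
  try { return new URL(raw); } catch { return null; }
}

// Dotted-quad literal only: WHATWG parsing has already normalised 2130706433,
// 0x7f000001 and 127.1 to 127.0.0.1, so the raw string is never inspected here.
function ipv4IsInternal(host: string): boolean {
  const m = host.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return a === 0 || a === 10 || a === 127 || a >= 224 ||  // 0/8, 10/8, loopback, multicast/reserved
    (a === 100 && b >= 64 && b <= 127) ||                // 100.64/10 shared address space
    (a === 169 && b === 254) ||                          // 169.254/16 link-local, cloud metadata
    (a === 172 && b >= 16 && b <= 31) ||                 // 172.16/12
    (a === 192 && b === 168);                            // 192.168/16
}

function ipv6IsInternal(bracketed: string): boolean {
  const h = bracketed.replace(/^\[|\]$/g, "");
  return h === "::1" || h === "::" || h.startsWith("::ffff:") || // loopback, unspecified, v4-mapped
    /^f[cd]/.test(h) || /^fe[89ab]/.test(h);                     // fc00::/7 ULA, fe80::/10 link-local
}

/** Returns why the URL must not be fetched server-side, or null if it passes this gate. */
function rejectReason(raw: string): string | null {
  const u = parseUrl(raw);
  if (!u) return "unparseable URL";
  if (u.protocol !== "http:" && u.protocol !== "https:") return "scheme not allowed";
  if (u.username || u.password) return "credentials embedded in URL";
  const host = u.hostname.toLowerCase().replace(/\.$/, ""); // drop trailing dot ("localhost.")
  if (host === "localhost" || INTERNAL_SUFFIXES.some((s) => host.endsWith(s))) return "internal hostname";
  if (host.startsWith("[")) return ipv6IsInternal(host) ? "internal IPv6 address" : null;
  if (ipv4IsInternal(host)) return "internal IPv4 address";
  if (!host.includes(".")) return "single-label hostname (Docker/Kubernetes service name)";
  // Not covered here: a public name can still resolve to an internal address, and a
  // redirect changes the target. Resolve the name, apply the same rules to the resolved
  // address, connect to that address, and re-run this gate on every redirect hop.
  return null;
}
```

The check runs on the parsed, normalised hostname rather than the raw string, which is why decimal and hex encodings of 127.0.0.1 are caught without special cases.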
| User | ngocnn97 (UID 96701) |
|---|---|
| Submitted | 2026-03-23 02:34 AM (1 month ago) |
| Moderation | 2026-04-13 03:18 PM (21 days later) |
| Status | Accepted |
| VulDB entry | 357134 [DbGate up to 7.1.4 REST/GraphQL openApiDriver.ts apiServerUrl1 privilege escalation] |
| Points | 17 |